On Tue, Mar 25, 2003 at 10:07:56AM +0200, Henri Bergius wrote: > > No, root used words like "fucking no way in hell" > > Hmm... I'd call this simply paranoia. All previous PHP
Paranoia can be your friend. > releases have been register_globals On anyway. > > And besides, it is stupid to not reset new variables > before usage anyway, and that is as far as I know the > only security risk in register_globals. Yes, and we all know there are 0 stupid/sloppy developers out there. Right? *grin* > I think Rasmus Lerdorf (or some other original PHP core > dev) said in an interview that the decision with > register_globals in new PHP versions was overreacting. I think it's just one less pitfall to stumble into. Yes, existing apps will need to be ported, but they will be better for it. Until PHP gets perls tainting mechanism. That's not likely to ever happen, though. Emile --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
