[thelist] os commerce security

Rich Gray rich at f1central.net
Thu Nov 7 06:12:01 CST 2002


>does this mean the work around hack is a security problem?

Yep, the reason I called it a hack is because it just emulates having
globals switched on, i.e. it blindly sets all the superglobals into named
variables without checking their validity. So it has the exact same security
implications that setting globals to on has. To be safer you would need to
roll your own function, but as you are working with a package it would be
quite a big task because at any one time you don't know which variables
coming in are valid to set and which ones aren't.... it would get messy :(

Rich
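
The contrast described in the reply above, as an added example that is not part of the original post or of osCommerce: a blind import that behaves like register_globals, next to an allowlisted import. The parameter names (`products_id`, `is_admin`), the helper functions and the request data are constructed for illustration, and an array stands in for the global variable scope.

```php
<?php
// Constructed request data standing in for $_GET (not from the original post).
$request = [
    'products_id' => '42',
    'is_admin'    => '1',   // a parameter the script never asked for
];

// Emulates register_globals as the reply describes it: every incoming key
// becomes a variable, whatever its name, with no validity check.
function import_blindly(array $input, array $scope): array
{
    foreach ($input as $name => $value) {
        $scope[$name] = $value;   // silently overwrites existing state
    }
    return $scope;
}

// "Roll your own" import: only names the script expects are considered,
// and each value must pass that name's validator before it is set.
function import_allowlisted(array $input, array $scope, array $rules): array
{
    foreach ($rules as $name => $validator) {
        if (isset($input[$name]) && is_string($input[$name])
            && $validator($input[$name])) {
            $scope[$name] = $input[$name];
        }
    }
    return $scope;
}

// State the application set for itself before reading the request.
$scope = ['is_admin' => false];

// Hypothetical rule set for one page: a short, purely numeric product id.
$rules = [
    'products_id' => fn(string $v): bool => ctype_digit($v) && strlen($v) <= 9,
];

$blind = import_blindly($request, $scope);
$safe  = import_allowlisted($request, $scope, $rules);

var_dump($blind['is_admin']);    // application state replaced by request data
var_dump($safe['is_admin']);     // application's own value is untouched
var_dump($safe['products_id']);  // expected parameter, validated and imported
```

The rule set is the part that gets messy in a packaged application: each script needs its own list of expected names and validators.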



