[thelist] PHP sessions & security, etc

Tom Dell'Aringa pixelmech at yahoo.com
Wed Dec 11 18:57:01 CST 2002


--- Carl J Meyer <cjmeyer at npcc.net> wrote:

> Your code looks fine, with the exception of using the "register globals"
> feature.  The advice you read not to use it is very sound, and you
> really should follow it.  Not only are there serious security issues,
> but using 'register globals' also inevitably creates less readable,
> harder to maintain code.  "Now where did that variable come from??".

Is there any quantifiable evidence to the fact that these
'superglobals' are unsafe? It seems strange that an open source
community like php would offer such unsafe functionality. I'm not
saying it's not, but I'd like to see some hard facts.

From what I have read (which isn't probably much compared to most of
you) the global variables were a great thing and are used everywhere.
What kind of security holes does it make? Are these globals somehow
accessible to an outside source? How would you pull a variable like
that out?

Add to this the fact that not all information is sensitive. The
information I am planning on passing isn't sensitive.

Tom

=====
var me = tom.pixelmech.webDeveloper();

http://www.pixelmech.com/
http://www.maccaws.com/
[Making A Commercial Case for Adopting Web Standards]

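An added illustration, not part of Tom's or Carl's messages, of the mechanism behind Carl's warning: with `register_globals` on, every GET, POST and cookie field is copied into a PHP global variable before the script runs, so a script that relies on a variable being "unset unless we set it" can be pre-populated by the request. The `admin.php` gate and the `$authorized` / `user` names are constructed for the example. `register_globals` is a php.ini directive (on by default before PHP 4.2, removed entirely in PHP 5.4), so it cannot be switched from a script; the example therefore shows the fragile pattern beside the explicit form, and opens with an `ini_get()` check a script can use to refuse to run under the unsafe configuration. The `$_GET` / `$_SESSION` superglobal arrays used in the fixed version are the replacement for register_globals, not the feature being warned about.

```php
<?php
// Added example, not code from the original thread. Hypothetical admin.php
// gate deciding whether the visitor may perform a privileged action.

// Defensive check: register_globals is an ini setting and cannot be changed
// from a running script, so bail out early if it is on. On PHP 5.4+ the
// directive no longer exists and ini_get() returns false, which is fine.
if (ini_get('register_globals')) {
    die("register_globals is enabled in php.ini; refusing to run\n");
}

session_start();

// --- Fragile pattern (breaks under register_globals=On) -------------------
// The block below only ever *sets* $authorized on success and never
// initialises it first. With register_globals on, a request such as
//     admin.php?authorized=1
// arrives with the global $authorized already holding "1", so the gate
// opens without the session check ever succeeding. With it off, the
// variable is simply undefined and the gate fails closed.
if (isset($_SESSION['user']) && $_SESSION['user'] === 'admin') {
    $authorized = true;
}
if (!empty($authorized)) {   // trusts whatever $authorized happens to hold
    // ... privileged action would go here ...
}

// --- Explicit form -----------------------------------------------------
// 1. Initialise the variable before use, so nothing outside the script can
//    pre-populate it, whatever the ini setting.
// 2. Read request data only through the superglobal arrays, which name the
//    exact source of every value ($_GET, $_POST, $_COOKIE, $_SESSION).
$authorized = false;
if (isset($_SESSION['user']) && $_SESSION['user'] === 'admin') {
    $authorized = true;
}

// Non-sensitive page selection read explicitly from the query string, with
// a default; the value is a plain string from the client and is treated as
// such rather than as a variable of our own.
$page = isset($_GET['page']) ? (string) $_GET['page'] : 'home';

echo $authorized ? "admin view\n" : "guest view of " . htmlspecialchars($page) . "\n";
```

The point of the explicit form is that it is correct regardless of the ini setting: the only way `$authorized` becomes true is the session check in this script, and the place a value came from is visible in the code, which is also what Carl means by not having to ask "where did that variable come from?".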