[thelist] os commerce security

Andrew Maynes andrew at humanbehaviour.co.uk
Thu Nov 7 07:07:01 CST 2002


Cheers Rich

Andrew

-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of Rich Gray
Sent: Thursday, November 07, 2002 12:11
To: thelist at lists.evolt.org
Subject: RE: [thelist] os commerce security


>does this mean the work around hack is a security problem?

Yep, the reason I called it a hack is because it just emulates having
globals switched on i.e. it blindly sets all the super globals into named
variables without checking their validity. So it has the exact same security
implications that setting globals to on has. To be safer you would need to
roll your own function, but as you are working with a package it would be
quite a big task because at any one time you don't know which variables
coming in are valid to set and which ones aren't.... it would get messy :(

Rich

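An added example, not part of the original thread and not osCommerce code: the kind of globals emulation Rich describes, next to a "roll your own" import that only accepts declared variables. All function names, parameter names and the sample request are constructed for illustration.

```php
<?php
// Constructed request data standing in for $_GET (not from the thread).
$request = ['products_id' => '42', 'sort' => 'price', 'page' => 'abc', 'is_admin' => '1'];

// "Before": emulating register_globals. Every request key becomes a variable,
// so input can overwrite state the script itself was meant to control.
function emulate_globals(array $request): bool {
    $is_admin = false;                  // hypothetical application state
    foreach ($request as $key => $value) {
        $$key = $value;                 // no check of name or value
    }
    return (bool) $is_admin;
}

// "After": import only names the script declares, each with a validation rule.
function import_vars(array $request, array $spec): array {
    $clean = [];
    foreach ($spec as $name => $rule) {
        $clean[$name] = $rule['default'];
        $raw = $request[$name] ?? null;
        if (!is_string($raw)) {
            continue;                   // missing, or array-valued (?page[]=1)
        }
        if ($rule['type'] === 'int') {
            $int = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            if ($int !== false) {
                $clean[$name] = $int;
            }
        } elseif ($rule['type'] === 'enum' && in_array($raw, $rule['values'], true)) {
            $clean[$name] = $raw;
        }
    }
    return $clean;
}

// Hypothetical per-script declaration of the variables it accepts.
$spec = [
    'products_id' => ['type' => 'int',  'default' => 0],
    'page'        => ['type' => 'int',  'default' => 1],
    'sort'        => ['type' => 'enum', 'default' => 'name', 'values' => ['name', 'price']],
];

var_dump(emulate_globals($request));    // request input reached $is_admin
var_dump(import_vars($request, $spec)); // is_admin is never imported
```

The `$spec` array is where the effort goes in an existing package: each entry point needs its own list of the variables it legitimately reads from the request.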