[thelist] os commerce instal

Rich Gray rich at f1central.net
Thu Nov 7 04:51:01 CST 2002


>Funny I was just writing a mail about this.  What are the reasons for not
>having globals on?

Security is the main reason. Having globals set to On makes it easier for a
malicious user to set variables in your scripts by putting them in the query
string. This attack depends on how badly your script is coded, and it also
relies on guessing the correct variable name, but here is a simplistic
example...

<?php
// This is a bad script: $admin is never initialised, so its value
// comes from whatever register_globals imports from the request.
if (!$admin) {
	echo 'No access allowed';
	exit();
}

// Admin only stuff happens here
...
?>

An attacker could call your script with ?admin=yes as a query string. With
register_globals on the attacker would then have access to the admin
functions. With globals off the $admin var would not be set so the script
would work as intended.

HTH
Rich
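A hardened version of the gate above, as an added example rather than code from Rich's post. It assumes PHP 7 or later and that a separate login handler sets $_SESSION['is_admin'] = true only after a successful authentication.

```php
<?php
// Added example (not from the original post): the same admin gate rewritten so
// that a query string such as ?admin=yes cannot influence it, whether
// register_globals is On or Off.

// On PHP versions that still have the directive, refuse to run with it On.
// (Assumption: this check only matters on PHP < 5.4, where the directive exists.)
if (ini_get('register_globals')) {
    trigger_error('register_globals is On; disable it in php.ini', E_USER_ERROR);
}

// Decide privilege from server-side session state only. Taking the array as a
// parameter keeps the function free of globals and easy to test in isolation.
function isAdmin(array $session): bool
{
    // Strict comparison: a request-supplied string such as "yes" is never === true,
    // and a missing key yields false instead of an undefined variable.
    return isset($session['is_admin']) && $session['is_admin'] === true;
}

session_start();

// Always initialise before use. Even if register_globals had imported an
// $admin variable from the request, this assignment overwrites it.
$admin = isAdmin($_SESSION);

if (!$admin) {
    header('HTTP/1.1 403 Forbidden');
    echo 'No access allowed';
    exit();
}

// Admin only stuff happens here
```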
