[thelist] Re: PHP vrs Perl - 15 rounds
sbeam
sbeam at syxyz.net
Tue Mar 9 09:40:11 CST 2004
On Tuesday 09 March 2004 09:00, John.Brooking at sappi.com wrote:
> One thing I think is good about Perl is "taint mode", where it
> protects you from using data from outside the program in dangerous
> ways.
...
> Does PHP have anything similar?

unfortunately no and in fact it's worse than that with the whole
register_globals thing in versions <4.20 (PHP used to, by default,
automatically register incoming GET and POST parameters as variables in
the global scope... so you might have a var called $has_auth but not be
100% sure where it came from... and there is still plenty of stuff out
there that relies on this behavior)

PHP4 also does not have an equivalent to 'use strict', although it will
spit out warnings if E_ALL is set.

http://us2.php.net/manual/en/security.variables.php

The advice in the last paragraph there is very good.

lesson of the day: you can get yourself into an equally big mess using
PHP or perl.

--
# S Beam - Web App Dev Servs
# http://www.onsetcorps.net/
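
The $has_auth situation described in the message above, as an added example that is not part of the original post: a flag that is only assigned on success takes its value from a request parameter of the same name, shown next to a version that initialises the flag and reads input from a named source. The function names, the sample request, and the use of extract() to emulate register_globals on a current PHP are assumptions made for illustration.

```php
<?php
// Constructed request parameters (sample input, not from the original post).
// Stands in for a query string such as ?user=guest&has_auth=1
$request = ['user' => 'guest', 'has_auth' => '1'];

// Hypothetical credential check shared by both versions.
function credentials_ok(string $user): bool
{
    return $user === 'admin';
}

// Pattern that fails under register_globals: $has_auth is assigned only on
// success, so nothing in the code says where its value came from otherwise.
function check_legacy(array $request): bool
{
    // Emulation (assumption): extract() turns every request parameter into a
    // local variable, as register_globals did in the global scope.
    extract($request);

    if (credentials_ok($user ?? '')) {
        $has_auth = true;
    }
    // For the sample request this is the caller-supplied '1'.
    return !empty($has_auth);
}

// Hardened form: the flag has a known starting value and input is read
// explicitly from the request array, never from an ambient variable.
function check_hardened(array $request): bool
{
    $has_auth = false;

    $user = (isset($request['user']) && is_string($request['user']))
        ? $request['user']
        : '';

    if (credentials_ok($user)) {
        $has_auth = true;
    }
    return $has_auth;
}

echo 'legacy:   ', var_export(check_legacy($request), true), PHP_EOL;
echo 'hardened: ', var_export(check_hardened($request), true), PHP_EOL;
```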