Thread: Security in PHP
View Single Post
  #53 (permalink)  
Old 03-28-2008, 12:01 AM
Jeyaseelansarc Jeyaseelansarc is offline
D-Web Genius
  
Join Date: Mar 2007
Location: Chennai
Posts: 1,162
Jeyaseelansarc is on a distinguished road
Send a message via AIM to Jeyaseelansarc
Default Re: Security in PHP
Using Register Globals

When on, register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier. It was a difficult decision, but the PHP community decided to disable this directive by default. When on, people use variables yet really don't know for sure where they come from and can only assume. Internal variables that are defined in the script itself get mixed up with request data sent by users and disabling register_globals changes this.
__________________
With,
J. Jeyaseelan
Everything Possible
Reply With Quote