Posted by Steve on 10/24/07 13:08

"C. (http://symcbean.blogspot.com/)" <colin.mckinnon@gmail.com> wrote in
message news:1193224500.133773.53850@e9g2000prf.googlegroups.com...
> On 24 Oct, 11:57, +mrcakey <mrca...@nospam.nospam> wrote:
>> I understand that register_globals was turned off by default as, unless
>> you initialised it, it could be altered by a malicious coder.
>>
>> What I don't understand is how the $_POST['foo'] form is any more
>> secure. Surely Mr Malicious Coder can still just send his own version
>> of $_POST['foo']?
>>
>> Obviously I'm missing something, I just can't figure out what!
>>
>> +mrcakey
>
> On its own, it probably isn't a big problem - its how it interacts
> with the rest of the code e.g.:
>
> <?php
> require_once("array_of_admin_users.inc.php");
> if (in_array($admin_users, $_SESSION['user'])) {
> $admin_user=true;
> }
>
> if ($admin_user) { ...

based on that code, nothing.

• Next in forum: Re: php regular expression doesn't match
• Prev in forum: Re: send email to me
• Thread view: Re: register_globals on / off - I think I'm missing the point

[Reply to this message]