Posted by Geoff Berrow on 07/30/05 14:02
I noticed that Message-ID: <XMadnSh0Gsh7ZXffRVn-qg@comcast.com> from
Jerry Stuckle contained the following:
>
>You'd be much better to fix the problem than hide it. Then fix the major
>security problem caused by register_globals being on.
You know, I've been coming at this the wrong way for ages. Until now
I've been coding to allow for the fact that register_globals might be
off. While this is correct, I now realise that the most important thing
is to code on the assumption that they /might be on/ which they often
will be on production servers.

Simply turning register_globals off on your development server won't
make your scripts secure. In fact, I think too much is made of this.
register globals has been made out to be the bad guy for so long that
people are forgetting why.

If all variables are defined within the script what is so wrong with it?
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
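
The point discussed in the message above, as an added example that is not part of the original post: a script that leaves a variable undefined on one code path, next to the same script with every variable defined before use. register_globals was removed in PHP 5.4, so its effect is emulated with extract(); the function names, the `is_admin` and `password` parameters and the sample requests are constructed for illustration.

```php
<?php
// Added example, not code from the thread. extract() stands in for
// register_globals = On: each request parameter becomes a local variable.
// EXTR_SKIP keeps the emulation from clobbering the function's own arguments.

// Relies on register_globals being off: $is_admin is only assigned on the
// success path, so any value injected from the request survives otherwise.
function check_unsafe(array $request, string $secret): bool
{
    extract($request, EXTR_SKIP);
    if (isset($password) && $password === $secret) {
        $is_admin = true;
    }
    return !empty($is_admin);
}

// Written on the assumption that register_globals might be on: every
// variable is defined by the script before it is read, and input is taken
// explicitly from the request array rather than from an implicit global.
function check_safe(array $request, string $secret): bool
{
    extract($request, EXTR_SKIP);          // same hostile environment
    $is_admin = false;                     // overwrites any injected value
    $password = $request['password'] ?? '';
    if (is_string($password) && hash_equals($secret, $password)) {
        $is_admin = true;
    }
    return $is_admin;
}

// Constructed sample requests.
$secret  = 's3cret';
$genuine = ['password' => 's3cret'];
$forged  = ['is_admin' => '1'];            // no password supplied at all

foreach (['genuine' => $genuine, 'forged' => $forged] as $label => $req) {
    printf(
        "%-8s unsafe=%s safe=%s\n",
        $label,
        var_export(check_unsafe($req, $secret), true),
        var_export(check_safe($req, $secret), true)
    );
}
```

Both functions accept the genuine request; only the first one also accepts the forged request, because nothing in it defines `$is_admin` when the password check fails.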