Posted by Jerry Stuckle on 09/20/06 21:49
Bob wrote:
> Jerry Stuckle wrote:
>
>
>>First of all, you need to set register_globals to OFF. Having it on is
>>a potential security threat, which is why it now defaults to off.
>
>
>
> $_SERVER['REMOTE_USER'] worked with register_globals both ON and OFF.
> I left it to OFF as everyone has suggested.
>
Yes, $_SERVER['REMOTE_USER'] works either way. With register_globals
on, either $_SERVER['REMOTE_USER'] or $REMOTE_USER works.
The problem comes in when someone uses a URL such as:
http://www.example.com/admin?REMOTE_USER=admin
This would also set $REMOTE_USER, but not $_SERVER['REMOTE_USER'].
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
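
The difference described in the post above, as an added example that is not part of the original post. register_globals was removed in PHP 5.4, so its effect is simulated here; the helper simulate_register_globals() and the two check functions are hypothetical names, and the request is constructed on the assumption that the web server performed no authentication and therefore set no REMOTE_USER.

```php
<?php
// Added illustration, not code from the thread.

/**
 * Hypothetical stand-in for register_globals: request parameters and
 * server variables end up in one flat table of global variable names.
 */
function simulate_register_globals(array $get, array $server): array
{
    // Server values are merged last, so a genuine REMOTE_USER would win.
    // When the server sets none, the request parameter fills the name.
    return array_merge($get, $server);
}

/** Unsafe check: trusts the flat global, whatever its origin. */
function is_admin_unsafe(array $globals): bool
{
    return ($globals['REMOTE_USER'] ?? '') === 'admin';
}

/** Safe check: reads only the value the web server itself supplied. */
function is_admin_safe(array $server): bool
{
    return ($server['REMOTE_USER'] ?? '') === 'admin';
}

// Constructed request: /admin?REMOTE_USER=admin with no HTTP
// authentication, so $_SERVER carries no REMOTE_USER entry.
$get    = ['REMOTE_USER' => 'admin'];
$server = ['REQUEST_URI' => '/admin?REMOTE_USER=admin'];

$globals = simulate_register_globals($get, $server);

// The flat global is attacker-controlled; the superglobal is not.
var_dump(is_admin_unsafe($globals));
var_dump(is_admin_safe($server));
```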