php question

One example would be if someone knew the name of a variable you were using and set it via request (i.e. used GET).

It's not completely insecure: if you set default values for your variables, or check to make sure your data is coming from where you think it is, or if you only use $_POST/GET/COOKIE/SESSION, then it's harder for the data to be set by an attacker, but not impossible. Turning register globals off doesn't automatically mean your code is more secure either; you have to check and validate anything that comes from the user.
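The case described in the reply above, as an added example that is not part of the original post: a variable with no default value picks up a request parameter of the same name, shown beside a version that sets a default and validates its input. The function names, the `is_admin` flag and the sample request are assumptions made for illustration, and `extract()` stands in for `register_globals`, which was removed in PHP 5.4.

```php
<?php
// Added example, not from the original post.
// Constructed sample request, equivalent to ?user=guest&is_admin=1
$request = ['user' => 'guest', 'is_admin' => '1'];

// Hypothetical privilege lookup: only "alice" is an administrator.
function lookup_is_admin(string $user): bool
{
    return $user === 'alice';
}

// Weak: $is_admin has no default, so a request parameter with the same
// name becomes the variable and is still set when the lookup fails.
function weak_check(array $request): bool
{
    extract($request);                 // emulates register_globals = On
    if (lookup_is_admin($user ?? '')) {
        $is_admin = true;
    }
    return !empty($is_admin);
}

// Hardened: the default is set first, input is read from one named
// source and validated, and no request-supplied flag is consulted.
function safe_check(array $request): bool
{
    $is_admin = false;                 // explicit default
    $user = $request['user'] ?? '';
    if (!is_string($user) || !preg_match('/^[a-z0-9_]{1,32}$/', $user)) {
        return false;                  // reject malformed input
    }
    if (lookup_is_admin($user)) {
        $is_admin = true;
    }
    return $is_admin;
}

// Same constructed request through both versions.
var_dump(weak_check($request));
var_dump(safe_check($request));
```

The two results differ for the same request because only the weak version lets the request decide the value of `$is_admin`.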
 