| Re: Shocking amount of PHP security holes? [message #171086 is a reply to message #171083] |
Thu, 23 December 2010 23:50   |
Michael Fesser
Messages: 215
Registered: September 2010
Karma:
|
Senior Member |
|
|
.oO(Ignoramus30015)
> On 2010-12-23, ?lvaro G. Vicario <alvaro(dot)NOSPAMTHANX(at)demogracia(dot)com(dot)invalid> wrote:
>>
>> It was a wrong design decision taken by the PHP team many years ago. In
>> earlier versions PHP would automatically create variables from several
>> input sources so you could code <input type="text" name="email"> and
>> automatically get user data available at $email. After that, the web
>> evolved, security become a concern and this feature was (kind of) disabled.
>
> Thanks. Is there a way to for sure disable it, across the board, for
> all PHP programs?
The keyword is 'register_globals'. Make sure that it's disabled.
Micha
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]