[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-general
Subject:    Re: [PHP] Session Variable Security
From:       Chris Shiflett <shiflett () php ! net>
Date:       2004-09-30 17:31:28
Message-ID: 20040930173128.72288.qmail () web52806 ! mail ! yahoo ! com
[Download RAW message or body]

--- GH <GaryHotko@gmail.com> wrote:
> Brian: 
> 
> What way should you not reference session variables? I seem to have
> missed that part of the discussion... Sorry.

I think he meant to be wary of register_globals and thinking you're
referencing a session variable when you use $foo rather than
$_SESSION['foo']. With register_globals enabled, you can't be sure of the
data's origin.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly     HTTP Developer's Handbook - Sams
Coming December 2004        http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]