[prev in list] [next in list] [prev in thread] [next in thread]
List: php-general
Subject: Re: [PHP] Session Variable Security
From: Chris Shiflett <shiflett () php ! net>
Date: 2004-09-30 17:31:28
Message-ID: 20040930173128.72288.qmail () web52806 ! mail ! yahoo ! com
[Download RAW message or body]
--- GH <GaryHotko@gmail.com> wrote:
> Brian:
>
> What way should you not reference session variables? I seem to have
> missed that part of the discussion... Sorry.
I think he meant to be wary of register_globals and thinking you're
referencing a session variable when you use $foo rather than
$_SESSION['foo']. With register_globals enabled, you can't be sure of the
data's origin.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming December 2004 http://httphandbook.org/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic