[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

register_globals in php4

Hello list,

php4.1 recommends to set register_globals=off in php.ini to make php
more strict.  My question is, if I turn off register_globals, what will
happen if any malicious user just try to modify the variable values in
the url? Say,


Does it work if user just change the value in the URL directly and send
the url directly to web server?

How can we avoid the malicious attack by directly http GET/POST with
modified parameter values to make possible system error or compromise?

Patrick Hsieh <pahud@pahud.net>
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: