« tokenizer functions
Create JPG image from GIF image »

Register Globals And Security Issues

Register Globals And Security Issues

If we enable the register_globals in our php.ini,all the $_GET, $_POST and and other predefined variables are automatically available to our script.

For example www.test.php?get=1

if register global is on we can directly get the value of get using $get instead of using $_GET[’get’] or extracting the predefined variables.

But if we enable the register globals , lot of security vulnerabilities are there.

for example:

if($user_id == 1){
/* */
///////////
}

if user has typed www.test.php?user_id=1, now the if condition is satisfied.

so it is nice idea to intialize all the valiable before use.

This entry was posted on Wednesday, December 27th, 2006 at 1:07 pm and is filed under php programming. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.

All material @ copyrighted by chrisranjana.com. If you want to link to this article you are welcome to do so. Unauthorized publication is strictly prohibited. This developer tutorial website contains articles by Php programmers , Software developers, Mysql programmers and asp c# programmers. This website also contains ajax tutorials and advanced mysql sql stored procedures and functions tutorials and sample codes.