PHP and register_globals...
This is to continue a potentially useful discussion in a relevant forum:
Quote:
Originally posted here by slarty
A secure well-written PHP app can easily contain a vulnerability when register_globals is enabled, but be secure otherwise.
This is why my apps always check for register_globals and produce an error message if it's on.
If an app is vulnerable when register_globals is enabled, it isn't secure or well-written IMO. Please cite examples of "secure well-written PHP app"(s) that are vulnerable only when register_globals is switched on.
To my knowledge, the only time register_globals can affect anything is when scripts don't do their own proper variable initialization, in which case they are far from secure or well written.