This post originated from an RSS feed registered with Java Buzz
by Fred Grott.
Original Post: Globals in PHP
Feed Title: ShareMe Technologies LLC-The Mobile Future
Feed URL: http://www.jroller.com/shareme/feed/entries/rss
Feed Description: A Weblog about Java programming and digital convergence on mobile devices in such areas as P2P and collaborative technology.
It is often hard for inexperienced newcomers to PHP to understand that they should not use global variables in PHP. One, all web servers and their scripts run as root, thus you must be proactive in securing your scripts. Two, older versions of PEAR have globals turned on by default.
I first ran into this problem when reviewing web application code bases at eCorp.com five years ago. Both Chad Folkening and Megan Van Petten did not understand that global variables need to be turned off until newer versions of PHP PEAR were installed and secured.
Even today, most pre-packaged lower-end software in PHP, such as bulletin boards and auction/ecommerce software, still has this problem. And we will still have this problem until the global variable fixes in PHP6. PHP coders can get a handle on the vulnerabilities by reviewing this article: $GLOBALS Overwrite and it's Consequences.