LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Remote file inclusion vulnerabilities

Remote file inclusion vulnerabilities

Posted Oct 16, 2006 20:33 UTC (Mon) by jrigg (subscriber, #30848)
Parent article: Remote file inclusion vulnerabilities

Lots of ISPs still turn on register_globals. Mine does. Call me stupid (I use PHP after all), but isn't accepting form data without applying a paranoid level of checking first completely idiotic?

I suppose the problem is that PHP is an easy language to start programming in, so it allows people who perhaps shouldn't be programming at all to do stupid things. This is exacerbated by the fact that many of the introductory books avoid any discussion of security (I guess it's also an easy language to start writing about).

The obvious solution is to make it more difficult to use ;-)

(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds