Remote file inclusion vulnerabilities
Posted Oct 16, 2006 20:33 UTC (Mon) by jrigg
Parent article: Remote file inclusion vulnerabilities
Lots of ISPs still turn on register_globals. Mine does. Call me stupid (I use PHP after all), but isn't accepting form data without applying a paranoid level of checking first completely idiotic?
I suppose the problem is that PHP is an easy language to start programming in, so it allows people who perhaps shouldn't be programming at all to do stupid things. This is exacerbated by the fact that many of the introductory books avoid any discussion of security (I guess it's also an easy language to start writing about).
The obvious solution is to make it more difficult to use ;-)