PHP - security etc

Adrian Howard adrianh at
Wed Mar 7 14:08:16 GMT 2007

On 7 Mar 2007, at 13:54, Andy Armstrong wrote:
> Thirdly the PHP team have historically had a rather cavalier  
> attitude to security. They've implemented a number of mechanisms  
> (register globals, URL wrappers for fopen et al, etc) that have  
> favoured ease of use over security.

And while modern PHPs do the "right thing" (e.g. switch off  
register_globals by default), there are still a lot of people whose  
first step is to switch it back on again :-)


More information about the mailing list