php security problem

charliehk

Would there be any security problem if global_register is set to ON instead of OFF?

What is the worst scenario?

If there is really a problem, how to fix that given the constraint that Global_register must be set ON?

Rhysige

make a .htaccess file into your main directory and put

charliehk

thanks for helping; Let's say setting Global_register = ON is a constraint for me, I would like to know what outsiders could do (what their tricks are) and the damages may caused by the loopholes (if any);

Of course, if there are loopholes, it is desirable for me to understand how to deal with them (without setting off Global_register). For example, where I should put an eye on ...

Smile

Grimboy

User: http://yoursite.com/yourpage.php?member=true

Script

if(blah-blah-blah){
$member=true;
}

if($member){
echo "you are a member";
}

---

That sort of thing. Personally I would say it's not worth it. It makes it easier to forget to verify them as well.

charliehk

thanks a lot for your code!!

Do you mean that if every variables used in the php code are initialized properly, then the code is as safe as the case where "Global_register = OFF"?