YourOpenSource

YourOPENSOURCE.COM
Login     
Gateway to Free Your Opensource Softwares , Tutorials, Scripts and Downloads
Home Submit New CMS Directory Register
Categories
Products
Recent Keywords

References

PHP

Security:: $_REQUEST and $_SERVER

01234

$_REQUEST


The $_REQUEST super-global merges data from
different input methods, like register_globals it
is vulnerable to value collisions.
PHP.ini: variables_order = GPCS
echo $_GET['id']; // 1
echo $_COOKIE['id']; // 2
echo $_REQUEST['id']; // 2

$_SERVER


    Even though the $_SERVER super-global is populated based on data supplied by the webserver it should not be trusted.
  • User may inject data via headers Host: <script> ...
  • Some parameters contain data based on user input
    REQUEST_URI, PATH_INFO, QUERY_STRING
  • Can be fakes
    Spoofed IP address via the use of anonymous proxies


<< Solution to Register Globals Numeric Value Validation >>
  
Author: Sam      Updated: 06 Oct Mon 2008 05:10:52 Views :  59    

Rating : 12345

Bookmarks: Digg Yahoo delicious
Comments
No Comments..
Post your Comments
Your Name:
Comments :
Enter the verification code:
Related Articles