Your Open Source
Security:: $_REQUEST and $_SERVER




$_REQUEST
The $_REQUEST super-global merges data from different input methods; like register_globals, it is vulnerable to value collisions.

php.ini: variables_order = GPCS

```php
echo $_GET['id'];     // 1
echo $_COOKIE['id'];  // 2
echo $_REQUEST['id']; // 2
```
$_SERVER
- Even though the $_SERVER super-global is populated based on data supplied by the web server, it should not be trusted.
- A user may inject data via headers: Host: <script> ...
- Some parameters contain data based on user input:
  - REQUEST_URI, PATH_INFO, QUERY_STRING can be faked
- Spoofed IP address via the use of anonymous proxies
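
The $_REQUEST collision and the untrusted $_SERVER fields described above, as an added example that is not part of the original page. The function names (merge_request, int_from, trusted_host, h), the host www.example.test and all request arrays are hypothetical and constructed here in place of the real super-globals, so the script runs from the PHP CLI.

```php
<?php
// Added example; all request data below is constructed so it runs from the PHP CLI.

// Rebuild the $_REQUEST merge for a variables_order string: later sources win.
function merge_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        $merged = array_replace($merged, $sources[$letter] ?? []);
    }
    return $merged;
}

// Hardened read: name the single source the value may come from, then validate it.
function int_from(array $source, string $key): ?int
{
    $value = filter_var($source[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

// The Host header is client-supplied: accept it only when it is on an allowlist.
function trusted_host(array $server, array $allowed): ?string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    return in_array($host, $allowed, true) ? $host : null;
}

// Escape any $_SERVER-derived string before it is written into HTML.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$get    = ['id' => '1'];   // constructed: ?id=1
$cookie = ['id' => '2'];   // constructed: Cookie: id=2
$server = [                // constructed stand-in for $_SERVER
    'HTTP_HOST'   => '<script>',
    'REQUEST_URI' => '/view.php?id=1"><b>',
];

$request = merge_request('GPCS', $get, [], $cookie);
var_dump($request['id']);                               // merged value: cookie replaced GET
var_dump(int_from($get, 'id'));                         // value taken from GET only
var_dump(int_from(['id' => '1 OR 1=1'], 'id'));         // non-integer input is rejected
var_dump(trusted_host($server, ['www.example.test']));  // header not on the allowlist
var_dump(trusted_host(['HTTP_HOST' => 'WWW.example.test'], ['www.example.test']));
echo h($server['REQUEST_URI']), PHP_EOL;                // escaped for HTML output
```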
06 Oct Mon 2008 05:10:52
Sekar








