Your Open Source

Free YourOpenSource Softwares Online Resources and Softwares Downloads with Demo

 
Related Links

PHP

Security:: $_REQUEST and $_SERVER

$_REQUEST


The $_REQUEST super-global merges data from
different input methods, like register_globals it
is vulnerable to value collisions.
PHP.ini: variables_order = GPCS
echo $_GET['id']; // 1

echo $_COOKIE['id']; // 2

echo $_REQUEST['id']; // 2

$_SERVER


    Even though the $_SERVER super-global is populated based on data supplied by the webserver it should not be trusted.
  • User may inject data via headers Host: <script> ...
  • Some parameters contain data based on user input
    REQUEST_URI, PATH_INFO, QUERY_STRING
  • Can be fakes
    Spoofed IP address via the use of anonymous proxies


>

  • hits 235
  • datetime Oct 06 08 11:26:52
  • author Sekar
  • rating

Rating : 12345

Comments
No Reply..

Quick Reply or Comments
Preview
Your Name:
Your Reply :
<> is a code tag
Enter the verification code: