Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

Submission + - Researchers Say PHP SuperGlobal Variables Are Critical Security Risks

Trailrunner7 writes: The ease with which PHP applications can be subverted should be pretty apparent by now given the number of botnets supported by compromised sites hosting PHP code.

The biggest culprit in the PHP universe may be a set of nine variables called SuperGlobals that provide programmers with development flexibility yet introduce dangerous vulnerabilities that allow attackers to externally modify these variables and run code of their choosing, conduct remote file inclusion, or bypass intrusion detection signatures.

Research released today by Imperva calls for a ban on SuperGlobal variables, vulnerabilities in which can be exploited to break application logic and hack servers hosting the wonky code. The result could be anything from fraud against online banking customers to loss of personal data.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Researchers Say PHP SuperGlobal Variables Are Critical Security Risks

Comments Filter:

[A computer is] like an Old Testament god, with a lot of rules and no mercy. -- Joseph Campbell

Working...