Submission: Researchers Say PHP SuperGlobal Variables Are Critical Security Risks

Trailrunner7 writes: The ease with which PHP applications can be subverted should be pretty apparent by now given the number of botnets supported by compromised sites hosting PHP code.

The biggest culprit in the PHP universe may be a set of nine variables called SuperGlobals that provide programmers with development flexibility yet introduce dangerous vulnerabilities that allow attackers to externally modify these variables and run code of their choosing, conduct remote file inclusion, or bypass intrusion detection signatures.

Research released today by Imperva calls for a ban on SuperGlobal variables, vulnerabilities in which can be exploited to break application logic and hack servers hosting the wonky code. The result could be anything from fraud against online banking customers to loss of personal data.