[PHP] Register globals off, still not secure?

[Patrick Hutchinson]

Hi, Even with register globals off isn't it possible to have a webpage 
like this:

<html>
<head>
</head>
<h2>Hello, <?php echo $_SERVER['PHP_AUTH_USER']; ?>
<p>I know your password is <?php echo $_SERVER['PHP_AUTH_PW']; ?>
<body>
</body>
<html>
Is there a way to make sure apache doesn't set the $SERVER['PHP_AUTH_PW 
'] global?

Thanks.

--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Hutchinson                              [EMAIL PROTECTED]
Engineering Web Systems Administrator           408.527.0305 direct
Cisco Systems, Inc.                             408.527.2313 fax
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php