Yes. My understanding turning globals off stops using $PHP_AUTH_PW directly.
> Hi, Even with register globals off isn't it possible to have a webpage > like this: > > <html> > <head> > </head> > > <h2>Hello, <?php echo $_SERVER['PHP_AUTH_USER']; ?> > <p>I know your password is <?php echo $_SERVER['PHP_AUTH_PW']; ?> > > <body> > </body> > <html> > > > Is there a way to make sure apache doesn't set the $SERVER['PHP_AUTH_PW > '] global? > > Thanks. > > -- > /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ > Patrick Hutchinson [EMAIL PROTECTED] > Engineering Web Systems Administrator 408.527.0305 direct > Cisco Systems, Inc. 408.527.2313 fax > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
