PHP Manual
Chapter 5. Security

Using Register Globals

One feature of PHP that can be used to enhance security is configuring PHP with register_globals = off. By turning off the ability for any user-submitted variable to be injected into PHP code, you can reduce the amount of variable poisoning a potential attacker may inflict. They will have to take the additional time to forge submissions, and your internal variables are effectively isolated from user-submitted data. While it does slightly increase the amount of effort required to work with PHP, it has been argued that the benefits far outweigh the effort.

Example 5-14. Working with register_globals = on

<?php
if ($username) { // can be forged by a user in get/post/cookies
    $good_login = 1;
}
if ($good_login == 1) { // can be forged by a user in get/post/cookies
    // send the protected file to the client
    readfile("/highly/sensitive/data/index.html");
}
?>

Example 5-15. Working with register_globals = off

<?php
if ($_COOKIE['username']) {
    // can only come from a cookie, forged or otherwise
    $good_login = 1;
    // send the protected file to the client
    readfile("/highly/sensitive/data/index.html");
}
?>

<?php
// The user name is expected in the cookie only; the same name arriving
// via POST or GET is treated as a poisoning attempt.
if ($_COOKIE['username'] &&
    !$_POST['username'] &&
    !$_GET['username']) {
    // Perform other checks to validate the user name...
    $good_login = 1;
    // send the protected file to the client
    readfile("/highly/sensitive/data/index.html");
} else {
    mail("admin@example.com", "Possible breakin attempt", $_SERVER['REMOTE_ADDR']);
    echo "Security violation, admin has been alerted.";
    exit;
}
?>
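The difference between the two settings, as an added example that is not part of the original manual page. Because register_globals was removed in PHP 5.4, it emulates the directive with extract() over constructed request arrays; the function names and sample values are assumptions made for illustration.

```php
<?php
// Added example: register_globals is emulated with extract(); all request
// data below is constructed.

// Pattern of Example 5-14: request variables become local variables and
// $good_login is never initialised before it is tested.
function check_with_globals_on(array $get, array $post, array $cookie): bool
{
    // With the default variables_order ("EGPCS"), later sources overwrite
    // earlier ones: cookie over post over get.
    extract(array_merge($get, $post, $cookie));

    if (!empty($username)) {
        $good_login = 1;
    }
    return isset($good_login) && $good_login == 1;
}

// Pattern of the register_globals = off examples: the flag starts from a
// known value and the user name is accepted from one named source only.
function check_with_globals_off(array $get, array $post, array $cookie): bool
{
    $good_login = 0;
    if (!empty($cookie['username'])
        && empty($post['username'])
        && empty($get['username'])) {
        // Perform other checks to validate the user name...
        // (the cookie itself can still be forged)
        $good_login = 1;
    }
    return $good_login == 1;
}

// Constructed requests: [GET, POST, COOKIE]
$cases = [
    'forged good_login in query'  => [['good_login' => '1'], [], []],
    'username in query only'      => [['username' => 'x'], [], []],
    'username in cookie only'     => [[], [], ['username' => 'alice']],
    'username in cookie and POST' => [[], ['username' => 'x'], ['username' => 'alice']],
    'no input'                    => [[], [], []],
];

foreach ($cases as $label => [$get, $post, $cookie]) {
    printf("%-30s on=%-5s off=%s\n", $label,
        var_export(check_with_globals_on($get, $post, $cookie), true),
        var_export(check_with_globals_off($get, $post, $cookie), true));
}
```

Comparing the two columns shows which inputs reach the protected branch only when request data is allowed to populate internal variables.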