[Bug 204479] Re: PHP should be shipped with magic_quotes_gpc = Off in php.ini
bmjames
bmjames at gmail.com
Mon Apr 6 00:37:53 BST 2009
This configuration encourages bad development practice and in doing so
encourages SQL injection vulnerabilities in PHP applications developed
on Ubuntu.

magic_quotes_gpc offers no protection against sophisticated injection
attacks, and enabling it only serves to give novice developers a false
sense of security. Developers who see that it is enabled are less likely
to consider using practices that are guaranteed to prevent injection
vulnerabilities.

The feature only still exists for legacy compatibility, and enabling it
by default is an illogical and dangerous mistake which should be
corrected as soon as possible. It is a disservice to the developer
community to wait for PHP 6 to fix this problem.
--
PHP should be shipped with magic_quotes_gpc = Off in php.ini
https://bugs.launchpad.net/bugs/204479
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
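
The contrast drawn in the message above, as an added example that is not part of the original post or of the php5 package: a value that has passed through magic_quotes_gpc-style escaping still alters a query when it is concatenated into a numeric context, while a parameterized query treats it as data. The setting is emulated with addslashes(), and the table, function names and sample inputs are constructed for illustration.

```php
<?php
// Added example. magic_quotes_gpc is emulated with addslashes(), the escaping
// the setting applied to GET/POST/COOKIE values. Schema and inputs are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT)');
$db->exec("INSERT INTO accounts (owner) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical helper standing in for what the runtime did to request data.
function magic_quoted(string $raw): string
{
    return addslashes($raw);
}

// The pattern the setting encourages: trust the escaped value and concatenate.
// addslashes() only touches ', ", \ and NUL, so a value used without
// surrounding quotes reaches the SQL parser unchanged.
function lookup_concatenated(PDO $db, string $id): array
{
    $sql = 'SELECT owner FROM accounts WHERE id = ' . magic_quoted($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterized query: the value is bound as data and never parsed as SQL,
// so no escaping setting is involved at all.
function lookup_prepared(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT owner FROM accounts WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values: a normal id, and one carrying SQL syntax
// that contains no character addslashes() would escape.
foreach (['2', '2 OR 1=1'] as $id) {
    printf(
        "input %-10s concatenated=%s prepared=%s\n",
        json_encode($id),
        json_encode(lookup_concatenated($db, $id)),
        json_encode(lookup_prepared($db, $id))
    );
}
```

For the second input the concatenated lookup returns every owner in the table and the prepared lookup returns none, which is the behaviour to check for when auditing code that relied on the setting.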