Re: PHP

From: Nathan Cook (security@pcsedu.com)
Date: 08/22/01


Message-ID: <011901c12b4c$d5b36fe0$a300000a@pcsedu.com>
From: "Nathan Cook" <security@pcsedu.com>
To: <secprog@securityfocus.com>
Subject: Re: PHP
Date: Wed, 22 Aug 2001 14:55:51 -0600

From: <teo@gecadsoftware.com>
> One can use a MVC model, and have only one entry in the site to do the
> `dispatching'. That entry can do proper checkings and all.

It seems to me like it would be extremely simple to create an auto prepend
script (http://www.zend.com/zend/spotlight/prepend.php#Heading3) and just have
that run before every page is processed to set the variables or unset the
variables that are suspect. That way no matter what page they entered on, you
could regulate it.

Nathan Cook
ncook@pcsedu.com