为什么 $_REQUEST 变量被认为是不安全的? [英] Why the $_REQUEST variable is considered insecure?

问题描述

可能的重复:
$_REQUEST 是否存在安全问题?

有没有人对此有可验证的引用?安全漏洞的回旋处是什么?

Does anyone have verifiable citations on this? What would be the roundabouts for the security holes?

推荐答案

这里有一篇小文章，您可以阅读其中的原因:

Here is a small post that you can read about why:

http://devlog.info/2010/02/04/why-php-request-array-is-dangerous/

来自该页面:

问题:为什么 $_REQUEST 不安全?

Question: Why is $_REQUEST insecure?

答案:因为它结合了 COOKIE 以及 GET 和 POST，并且 COOKIE 数据始终优先，从而为危险的粘性"变量创造了可能性.

Answer: Because it combines COOKIE as well as GET and POST, and the COOKIE data always takes precedence creating the possibility for dangerous "sticky" variables.

这篇关于为什么 $_REQUEST 变量被认为是不安全的?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！