For variables that play a particularly important security role in your scripts, initialise them to the safest value by default. For example, a variable such as $loggedin should be explicitly set to false before any code that might later set it to true. Not only does this make the security stance of your script clear to other programmers reading it, it also protects people running your script with register_globals enabled: with that setting on, every request parameter becomes a global variable, so an uninitialised $loggedin can be set to true simply by appending ?loggedin=1 to the URL. (register_globals was deprecated in PHP 5.3 and removed in PHP 5.4, but explicit initialisation remains good practice, and the same mistake can be reintroduced by calling extract() on user input.)
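To make the difference concrete, here is an added example (not code from the original page): a login check written both ways, vulnerable and hardened. The check_credentials() function, the demo user and the use of extract() to emulate register_globals are assumptions for illustration only.

```php
<?php
// Added example, not from the original page. Demonstrates why a security-
// sensitive variable must be given its safe value BEFORE any user input is
// consulted. extract() on the request array stands in for register_globals=On
// (PHP < 5.4): both turn a query string such as ?loggedin=1 into $loggedin.

// Hypothetical credential check. Constructed demo user; a real script would
// look the hash up in a user store.
function check_credentials(string $user, string $pass): bool {
    $users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

// VULNERABLE: $loggedin is only ever assigned on success, so whatever value
// register_globals (or extract()) injected survives when the check fails.
function vulnerable_is_logged_in(array $request): bool {
    extract($request);                      // emulates register_globals
    if (isset($user, $pass) && check_credentials($user, $pass)) {
        $loggedin = true;
    }
    return isset($loggedin) && (bool) $loggedin;   // attacker-controlled on failure
}

// HARDENED: the safe default is set first, before any user input is read, and
// the request array is read explicitly instead of being extracted into scope.
function hardened_is_logged_in(array $request): bool {
    $loggedin = false;                      // safest value first
    $user = $request['user'] ?? '';
    $pass = $request['pass'] ?? '';
    if (check_credentials($user, $pass)) {
        $loggedin = true;
    }
    return $loggedin;
}

// Constructed requests: a genuine login, and a forged request carrying no
// credentials at all that merely asserts loggedin=1 in the query string.
$legit  = ['user' => 'alice', 'pass' => 'correct horse'];
$forged = ['loggedin' => '1'];

var_dump(vulnerable_is_logged_in($legit));
var_dump(vulnerable_is_logged_in($forged));
var_dump(hardened_is_logged_in($legit));
var_dump(hardened_is_logged_in($forged));
```

Run with php, the vulnerable version accepts both the genuine and the forged request, while the hardened version accepts only the genuine one. The fix is two-fold: assigning $loggedin = false at the top means no injected value can survive, and reading $request['user'] explicitly means there is no extract() to inject anything in the first place.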
Copyright ©2015 Paul Hudson. Follow me: @twostraws.