register_globals security issue (an easy way?)

lyingbuddha

Say register_globals is on by server default.

$serverip= "server IP address here";

//security check
if ( $SERVER_ADDR != $serverip ) {
   mail("account@server.com", "Possible breaking attempt", $_SERVER['REMOTE_ADDR']);
   echo "Security violation! You IP has been logged: $REMOTE_ADDR";
   die();
}

so this will prevent all security issues related to register_globals and I don't need to write that array blah blah things explained in the most manuals. Am I right or missing some points?

planetsim

Sorry to be sounding rude by why is the Servers IP relevant to Register_Globals.

That and also $SERVER_ADDR where is that defined?

lyingbuddha

You don't need to deifne $SERVER_ADDR, it's one of Apache's default functions.

The logic of this script was, if the server and the address of php script that's running is different, it kills the connection. So you say it's not related with register_globals... thanks.