Setting object property via Query String

Discussion in 'PHP' started by uniqueasitis, Jun 16, 2007.

0
  1. #1
    Is it possible to set a public object property via query string. For example if I have the following object

    $object->property;

    and the property is set to public, is it possible for a hacker to set the property via query string?
     
    uniqueasitis, Jun 16, 2007 IP
  2. dzysyak

    dzysyak Peon

    Messages:
    43
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #2
    No, it is not possible, if you have not left some holes in your code.
     
    dzysyak, Jun 16, 2007 IP
  3. uniqueasitis

    uniqueasitis Peon

    Messages:
    661
    Likes Received:
    29
    Best Answers:
    0
    Trophy Points:
    0
    #3
    by holes do you mean as long as I do not assign a variable in the script to the property?
     
    uniqueasitis, Jun 16, 2007 IP
  4. dzysyak

    dzysyak Peon

    Messages:
    43
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Yes, you are right. And I hope globals are turned off on your server, as potentialy this can also be a hole.
     
    dzysyak, Jun 16, 2007 IP
  5. uniqueasitis

    uniqueasitis Peon

    Messages:
    661
    Likes Received:
    29
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Yes they are. I guess using objects does have some advantages. Thanks for your help.
     
    uniqueasitis, Jun 16, 2007 IP