What is CSRF?
• Exploits the trust a site has for a particular user
• Generally involves Web sites that rely completely on the identification of the user for security
• Involves "tricking" a user into unknowingly sending an HTTP request of the attacker's choosing
• Represents the best reason to disable register_globals
• No easy solution - depends on application design
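
One common design that addresses the points above, shown as an added example that is not from the original slides: the handler stops relying on user identification alone by requiring a per-session token, and reads the submitted fields from the POST data explicitly instead of from globals. The function names, the `csrf_token` and `message` field names and the sample requests are assumptions made for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example: a message-board post handler hardened against CSRF.
// issue_token(), is_valid_post(), 'csrf_token' and 'message' are hypothetical names.

// Create a per-session secret to embed in the form as a hidden field.
function issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a request only if it is a POST carrying the session's token.
// Reading $post explicitly (not a global filled in by register_globals) means
// a value supplied in a query string can never stand in for the form field.
function is_valid_post(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed sample requests, so the script runs offline from the CLI.
$session = [];
$token   = issue_token($session);

$cases = [
    'form post with token'     => ['POST', ['message' => 'hi', 'csrf_token' => $token]],
    'forged post, no token'    => ['POST', ['message' => 'spam']],
    'forged post, wrong token' => ['POST', ['message' => 'spam', 'csrf_token' => str_repeat('0', 64)]],
    'GET with the same fields' => ['GET',  ['message' => 'spam', 'csrf_token' => $token]],
];

foreach ($cases as $label => [$method, $post]) {
    printf("%-26s %s\n", $label, is_valid_post($method, $post, $session) ? 'accepted' : 'rejected');
}
```

In a real handler the three arguments would be `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_SESSION`; only the first sample request is accepted.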