Page 1 of 1

Apache PHP and $_SERVER['PATH_INFO']

Posted: Tue Feb 03, 2004 3:47 pm
by kcomer
Is there a security risk invloved with allowing PHP to use the Apache PATH_INFO variable. I'm asking because I have a website at GoDaddy that I was trying to setup and it made extensive use of data in the $_SERVER['PATH_INFO'] variable. I google'd for a reason why you would want to disable PATH_INFO and didn't find anything. Can someone shed light on this? I'm still going to move the site, but I was curious as to why they had this feature disabled. And how they did it.

Keith