Hi Robin & List!
Could we possibly get around this by setting/unsetting the register_globals in the config.inc.php3 ?
Yep we may but we also need to set/unset "track_vars" in this case (if possible ie php < 4.0.3). Nevertheless we will then face an other other problem: the secure solution is to set "register_globals" to "off", "track_vars" to "on" and to use "session_register($HTTP_SESSION_VARS['my_var'])"... as soon as php < 4.1.0 because since those bugs will be fixed in 4.1.0 we must use "session_register('my_var')" with this version.
Else we may set "register_globals" to "on" but this is far less secure :(
We would still need the stduser account to get the database list. SHOW GRANTS does not show databases that everybody has access to. It only shows databases where explict rights have been granted to the user.
Right :(
Loïc
______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif