Well I was looking through my logs of my website darnkitty.com and saw some people had been trying to hack my website.  They did it by attempting to hard-code certain variables in the URL of my page to override the need for the admin password.

Luckily they failed!!! Muhahahahaha.  Their attack would have worked if I had PHP’s register_globals option on.  Fortunately, I didn’t, as it’s a well known security hole.

If you’re reading this, and you’re a PHP developer… turn register_globals off.  Now.  Do it now.  Have you done it yet?