gocondo Posted December 2, 2010 Share Posted December 2, 2010 Is there a risk in letting the public access to the phpinto() function? Quote Link to comment https://forums.phpfreaks.com/topic/220421-phpinfo/ Share on other sites More sharing options...
mikosiko Posted December 2, 2010 Share Posted December 2, 2010 google "phpinfo security" this is a related funny post.... and serious too http://www.eschrade.com/page/google-searches-4c067780 Quote Link to comment https://forums.phpfreaks.com/topic/220421-phpinfo/#findComment-1142059 Share on other sites More sharing options...
PFMaBiSmAd Posted December 2, 2010 Share Posted December 2, 2010 Yes, it's not a good idea because it would show insecure settings like register_globals, allow_url_fopen, and allow_url_include along with the php version and what language extensions are installed so that attacks could be used to try and exploit specific security holes that those settings open or bugs that are present in the specific version/language extensions. Quote Link to comment https://forums.phpfreaks.com/topic/220421-phpinfo/#findComment-1142062 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.