gocondo Posted December 2, 2010 Share Posted December 2, 2010 Is there a risk in letting the public access to the phpinto() function? Link to comment https://forums.phpfreaks.com/topic/220421-phpinfo/ Share on other sites More sharing options...
mikosiko Posted December 2, 2010 Share Posted December 2, 2010 google "phpinfo security" this is a related funny post.... and serious too http://www.eschrade.com/page/google-searches-4c067780 Link to comment https://forums.phpfreaks.com/topic/220421-phpinfo/#findComment-1142059 Share on other sites More sharing options...
PFMaBiSmAd Posted December 2, 2010 Share Posted December 2, 2010 Yes, it's not a good idea because it would show insecure settings like register_globals, allow_url_fopen, and allow_url_include along with the php version and what language extensions are installed so that attacks could be used to try and exploit specific security holes that those settings open or bugs that are present in the specific version/language extensions. Link to comment https://forums.phpfreaks.com/topic/220421-phpinfo/#findComment-1142062 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.