Article:
  Apache Web-Serving with Mac OS X: Part 3
Subject:   phpInfo() showing my password
Date:   2002-11-14 20:15:13
From:   anonymous2
I am new to PHP and learning a ton from this site! I love it.


I am wondering why I can see my password in the phpinfo() page. It's listed as the _SERVER["PHP_AUTH_PW"] variable under PHP Variables near the bottom.


I posted the same phpinfo() file on a server I have used in the past and it doesn't show up there.


Thanks

Main Topics Oldest First

Showing messages 1 through 1 of 1.

  • phpInfo() showing my password
    2003-06-05 01:25:19  anonymous2 [View]

    That scared me too! But I figured out that it only shows up if your site is secured with Authentication and you have already logged in (which may be happening automatically via transparent KeyChain access or other Password Manager type stuff). I tried relaunching my browser and didn't log in to the secured section of my site (the top level of the site is public, but my personal ~user pages are protected), and then ran a file that had phpinfo() in it and the PHP_AUTH_USER and PHP_AUTH_PW variables don't show up in the listing. The PHP module apparenlty has access to your authentication info (I guess that's a good thing?), and that phpinfo page is just showing off _everything_ it knows about. But still it seems like it shouldn't be displaying that by in a general info page - that should be some kind of special command or option, not the default.