Women in Technology

Hear us Roar



Article:
  Apache Web-Serving with Mac OS X: Part 3
Subject:   phpInfo() showing my password
Date:   2003-06-05 01:25:19
From:   anonymous2
Response to: phpInfo() showing my password

That scared me too! But I figured out that it only shows up if your site is secured with Authentication and you have already logged in (which may be happening automatically via transparent KeyChain access or other Password Manager type stuff). I tried relaunching my browser and didn't log in to the secured section of my site (the top level of the site is public, but my personal ~user pages are protected), and then ran a file that had phpinfo() in it and the PHP_AUTH_USER and PHP_AUTH_PW variables don't show up in the listing. The PHP module apparenlty has access to your authentication info (I guess that's a good thing?), and that phpinfo page is just showing off _everything_ it knows about. But still it seems like it shouldn't be displaying that by in a general info page - that should be some kind of special command or option, not the default.