why phpinfo() exposes $_ENV
David Mintz
dmintz at panix.com
Thu Jun 19 15:20:42 EDT 2003
Hello,
This is the dude who just got started with a fresh AMP environment on my
Red Hat 9 box, thanks again for the help. It's workin'.
I notice that phpinfo() output includes $_ENV, which seems a little
intrusive, and I'm wondering why and what can be done about it. (I googled
for this and found a thousand people's phpinfo hanging out in public, and
one reference to the issuee, but no solution. Perused the php docs too.)
My httpd is running as nobody and the script in question is owned by user
david, that's whose environment is being printed.
I recognize that it's not considered good security practice to advertise
your phpinfo and I don't plan to, but I'm curious about this anyway. TIA.
---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!
"You want me to pour the beer, Frank?"
More information about the talk
mailing list