Added a note about the dangers of dumping $_SERVER and $_ENV

javiereguiluz · javiereguiluz · commit d9aedee30bc1 · 2018-02-11T19:38:10.000+01:00
diff --git a/best_practices/configuration.rst b/best_practices/configuration.rst
@@ -42,6 +42,13 @@ they have nothing to do with the application's behavior. In other words, your
 application doesn't care about the location of your database or the credentials
 to access to it, as long as the database is correctly configured.
 
+.. caution::
+
+    Beware that dumping the contents of the ``$_SERVER`` and ``$_ENV`` variables
+    or outputting the ``phpinfo()`` contents will display the values of the
+    environment variables, exposing sensitive information such as the database
+    credentials.
+
 .. _best-practices-canonical-parameters:
 
 Canonical Parameters
diff --git a/configuration/external_parameters.rst b/configuration/external_parameters.rst
@@ -123,6 +123,13 @@ the following:
 
         fastcgi_param DATABASE_URL "mysql://db_user:db_password@127.0.0.1:3306/db_name";
 
+.. caution::
+
+    Beware that dumping the contents of the ``$_SERVER`` and ``$_ENV`` variables
+    or outputting the ``phpinfo()`` contents will display the values of the
+    environment variables, exposing sensitive information such as the database
+    credentials.
+
 Constants
 ---------
 
