
Warn of environmental variable inclusion in phpinfo/super globals dump #9237

Closed
@michaelcullum

We should warn in the docs that dumping $_SERVER, $_ENV, or outputting phpinfo() would disclose contents of environmental variables which, as of Symfony 4 best practices, would include database credentials.

Originally commented upon: https://twitter.com/mdekrijger/status/958688583858212865
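
A defensive sketch of the point raised in this issue, added here as an example and not part of the issue or of Symfony's code: mask secret-bearing values before a debug dump of `$_SERVER` or `$_ENV`, and leave the environment sections out of `phpinfo()`. The function names, the key pattern and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Key-name fragments treated as secret-bearing (an assumption; extend per project).
const SENSITIVE_KEY_PATTERN = '/(PASS|PWD|SECRET|TOKEN|KEY|DSN|CREDENTIAL|AUTH)/i';

/**
 * Return a copy of a superglobal-style array that is safer to dump:
 * values under sensitive-looking keys are masked, and the userinfo part
 * of URL-style values (scheme://user:pass@host) is masked under any key.
 */
function redactEnvironment(array $vars): array
{
    $safe = [];
    foreach ($vars as $name => $value) {
        if (is_array($value)) {
            $safe[$name] = redactEnvironment($value); // e.g. $_SERVER['argv']
        } elseif (preg_match(SENSITIVE_KEY_PATTERN, (string) $name) === 1) {
            $safe[$name] = '[redacted]';
        } elseif (!is_string($value)) {
            $safe[$name] = $value; // ints/floats such as REQUEST_TIME
        } else {
            // Fail closed: if the regex engine errors out, hide the value entirely.
            $safe[$name] = preg_replace(
                '~(\b[a-z][a-z0-9+.-]*://)[^/?#\s]+@~i',
                '${1}[redacted]@',
                $value
            ) ?? '[redacted]';
        }
    }
    return $safe;
}

/** phpinfo() without the "Environment" and "PHP Variables" sections. */
function phpinfoWithoutEnvironment(): void
{
    phpinfo(INFO_ALL & ~(INFO_ENVIRONMENT | INFO_VARIABLES));
}

// Constructed sample input standing in for $_SERVER / $_ENV.
$sample = [
    'APP_ENV'      => 'dev',
    'APP_SECRET'   => 'constructed-secret-value',
    'DATABASE_URL' => 'mysql://app_user:constructed-password@127.0.0.1:3306/app',
    'REQUEST_TIME' => 1517400000,
];

// APP_SECRET becomes "[redacted]"; DATABASE_URL keeps host and database name only.
var_dump(redactEnvironment($sample));
```

Name-based masking is a heuristic: a secret stored under an innocuous key and without URL syntax still passes through, so dumps of this kind belong in development environments only.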

Labels: Security; good first issue (Ideal for your first contribution! Some Symfony experience may be required); hasPR (A Pull Request has already been submitted for this issue.)
