symfony · javiereguiluz · Feb 13, 2018 · Feb 11, 2018
diff --git a/best_practices/configuration.rst b/best_practices/configuration.rst
@@ -42,6 +42,13 @@ they have nothing to do with the application's behavior. In other words, your
 application doesn't care about the location of your database or the credentials
 to access to it, as long as the database is correctly configured.
 
+.. caution::
+
+    Beware that dumping the contents of the ``$_SERVER`` and ``$_ENV`` variables
+    or outputting the ``phpinfo()`` contents will display the values of the
+    environment variables, exposing sensitive information such as the database
+    credentials.
+
 .. _best-practices-canonical-parameters:
 
 Canonical Parameters

diff --git a/configuration/external_parameters.rst b/configuration/external_parameters.rst
@@ -123,6 +123,13 @@ the following:
 
         fastcgi_param DATABASE_URL "mysql://db_user:db_password@127.0.0.1:3306/db_name";
 
+.. caution::
+
+    Beware that dumping the contents of the ``$_SERVER`` and ``$_ENV`` variables
+    or outputting the ``phpinfo()`` contents will display the values of the
+    environment variables, exposing sensitive information such as the database
+    credentials.
+
 Constants
 ---------