What security problems could come from exposing phpinfo() to end users?

by

Knowing the structure of your filesystem might allow hackers to execute directory traversal attacks if your site is vulnerable to them.

I think exposing phpinfo() on its own isn’t necessarily a risk, but in combination with another vulnerability could lead to your site becoming compromised.

Obviously, the less specific info hackers have about your system, the better. Disabling phpinfo() won’t make your site secure, but will make it slightly more difficult for them.

More Related Contents:

  1. xss attack on a php page
  2. How can I sanitize user input with PHP?
  3. How can I store my users’ passwords safely?
  4. How do you Encrypt and Decrypt a PHP String?
  5. How to create a secure mysql prepared statement in php?
  6. Simplest two-way encryption using PHP
  7. Two-way encryption: I need to store passwords that can be retrieved
  8. Secure random number generation in PHP
  9. PHP MySQLI Prevent SQL Injection [duplicate]
  10. How to fake $_SERVER[‘REMOTE_ADDR’] variable?
  11. Best way to defend against mysql injection and cross site scripting
  12. In a PHP / Apache / Linux context, why exactly is chmod 777 dangerous?
  13. Login without HTTPS, how to secure?
  14. Is it safe to trust $_SERVER[‘REMOTE_ADDR’]?
  15. How to get rid of eval-base64_decode like PHP virus files?
  16. encrypt and decrypt md5
  17. How to sanitze user input in PHP before mailing?
  18. best practice to generate random token for forgot password
  19. How to enable DDoS protection?
  20. Is htmlspecialchars enough to prevent an SQL injection on a variable enclosed in single quotes?
  21. Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]
  22. How can I determine a file’s true extension/type programmatically?
  23. Can a client view server-side PHP source code?
  24. Can I serve MP3 files with PHP?
  25. Set httpOnly and secure on PHPSESSID cookie in PHP
  26. Does PHP’s $_REQUEST method have a security problem?
  27. is $_SERVER[‘HTTP_REFERER’] safe?
  28. Json: PHP to JavaScript safe or not?
  29. Limiting user login attempts in PHP [duplicate]
  30. What encryption algorithm is best for encrypting cookies?

Leave a Comment