Php info script

Hangin' Around Joined: Aug 05, 2005 Posts: 29

Hi

I quickly uploaded a php test script to find out something about sendmail on my server but I noticed this:

_SERVER["PHP_AUTH_PW"] and it showed my .htaccess password eventhough it's encoded in the original file! am I being paranoid?

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Nope. That's why you never leave phpinfo() on a website!

Posted: Sat Jun 10, 2006 4:33 pm

Maybe a stupid question, but is there any risk to have a download file .zip that does the same like phpinfo and a lot more. I have never heard about such a risk but I was only wondering because the number of downloads for this file is relative high..

Posted: Sat Jun 10, 2006 5:02 pm

Risk to whom? Just offering the script is no risk to you. But having it available for others to execute is a recipe for server disaster.

Posted: Sat Jun 10, 2006 5:41 pm

Having it available to download and having it available to excute is a small but important difference. Smile