Rabbit-Company / Passky-Server

Server for Passky (password manager)
https://passky.org
GNU General Public License v3.0
166 stars, 22 forks

[SECURITY] php.ini expose_php enabled? #13

Closed: f0xcb closed this issue 1 year ago

f0xcb commented 1 year ago

I only had the one question. Why is expose_php enabled? Enabling expose_php for API support is a stupid idea because APIs can be used through JSON or whatever. Please don't feel attacked, best regards.

Why did you activate expose_php? Enabling expose_php for API support is a stupid idea, in my opinion, because APIs can be used through JSON or whatever.

zigazajc007 commented 1 year ago

Hello,

expose_php (https://www.php.net/manual/en/ini.core.php#ini.expose-php) will only provide the version of PHP inside the HTTP header. This does not affect the security.

Passky Server in version v7.0.0 also includes an Admin Panel, so you can manage the accounts.

Edited: Passky Server is also open source, so if someone really wants to get the version of PHP, they can just look at the source code without any problem.
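
A way to check both things discussed in this thread, the `expose_php` directive in php.ini and the `X-Powered-By` header it produces, as an added example that is not part of the issue or of Passky's code. The ini parsing is simplified, and the sample ini text, the sample response and the version `8.2.0` in it are constructed for illustration.

```python
import re

TRUE_WORDS = {"on", "yes", "true"}

def expose_php_enabled(ini_text: str) -> bool:
    """Effective expose_php value for php.ini content (simplified parser)."""
    enabled = True  # PHP's default when the directive is absent is on
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop ';' comments
        if "=" not in line:
            continue                           # section header or blank line
        key, value = (part.strip() for part in line.split("=", 1))
        if key != "expose_php":                # directive names are case sensitive
            continue
        value = value.strip("\"'").lower()
        if value in TRUE_WORDS:
            enabled = True
        else:
            try:
                enabled = int(value) != 0      # "1" enables, "0" disables
            except ValueError:
                enabled = False                # off / no / false / none
        # no break: a later occurrence overrides an earlier one
    return enabled

def disclosed_php_version(raw_headers: str):
    """Return the PHP version leaked via X-Powered-By, or None if absent."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-powered-by":
            match = re.search(r"PHP/([\w.+~-]+)", value)
            if match:
                return match.group(1)
    return None

# Constructed sample inputs (not taken from a real Passky deployment).
SAMPLE_INI = "[PHP]\n; expose_php = Off\nexpose_php = On\n"
HARDENED_INI = "[PHP]\nexpose_php = Off ; hide X-Powered-By\n"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: nginx\r\n"
    "X-Powered-By: PHP/8.2.0\r\nContent-Type: application/json\r\n\r\n"
)

if __name__ == "__main__":
    print("expose_php on (sample ini):", expose_php_enabled(SAMPLE_INI))
    print("expose_php on (hardened ini):", expose_php_enabled(HARDENED_INI))
    print("version in response:", disclosed_php_version(SAMPLE_RESPONSE))
```

Feed `disclosed_php_version` the output of `curl -sI` against your own server to confirm what the running configuration actually sends.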