patrickallaert / php-apm

PHP APM (Alternative PHP Monitor)
http://pecl.php.net/package/APM

db password leaked in phpinfo() #58

Open jamesstout opened 7 years ago

jamesstout commented 7 years ago

I think it's from this line:

STD_PHP_INI_ENTRY("apm.mysql_pass", "", PHP_INI_PERDIR, OnUpdateString, mysql_db_pass, zend_apm_globals, apm_globals)

This results in:

[Image: screen shot 2017-04-16 at 11 19 50 pm-2]

I know I can disable phpinfo, but I wondered if there was a way to obfuscate or bcrypt it before output?

Thanks,
James

MACscr commented 7 years ago

Yikes, this is definitely not good, especially when feeding into a central MySQL server.
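
An added example, not part of the original thread or of php-apm's code: an operator-side audit that parses the text form of phpinfo() (as printed by `php -i`, assumed to use the `directive => local => master` layout) and flags secret-looking INI directives, such as `apm.mysql_pass`, that show a non-empty value. The sample output, the name pattern and both function names are constructed for illustration.

```python
import re

# Constructed sample of `php -i` text output; every value here is made up.
SAMPLE_PHP_I = """\
apm

APM support => enabled

Directive => Local Value => Master Value
apm.enabled => On => On
apm.mysql_host => db.example.internal => db.example.internal
apm.mysql_user => apm => apm
apm.mysql_pass => s3cr3t-constructed => s3cr3t-constructed
apm.mysql_db => apm => apm
session.save_path => no value => no value
mysqli.default_pw => no value => no value
"""

# Heuristic (an assumption, tune per environment): directive names ending in a
# credential-like word.
SECRET_NAME = re.compile(r"(pass(word|wd)?|_pw|secret|token|api_?key)$", re.I)


def exposed_secret_directives(php_i_text):
    """Return secret-looking directive names that display a non-empty value."""
    hits = []
    for line in php_i_text.splitlines():
        parts = [p.strip() for p in line.split(" => ")]
        # INI rows have a name plus local and master values; skip the header.
        if len(parts) < 3 or parts[0] == "Directive":
            continue
        name, values = parts[0], parts[1:]
        if not SECRET_NAME.search(name):
            continue
        # phpinfo() prints "no value" for empty settings; anything else leaks.
        if any(v not in ("no value", "") for v in values):
            hits.append(name)
    return hits


def redact(php_i_text, mask="********"):
    """Return the same text with flagged directive values replaced by a mask."""
    flagged = set(exposed_secret_directives(php_i_text))
    out = []
    for line in php_i_text.splitlines():
        name = line.split(" => ")[0].strip()
        out.append(f"{name} => {mask} => {mask}" if name in flagged else line)
    return "\n".join(out)
```

On the extension side, PHP's INI macros also have an `_EX` form (`STD_PHP_INI_ENTRY_EX`) whose final argument is a displayer callback that controls what phpinfo() prints for that entry.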