ID:               35806
 User updated by:  mega-squall at caramail dot com
 Reported By:      mega-squall at caramail dot com
 Status:           Wont fix
 Bug Type:         Feature/Change Request
 Operating System: *
 PHP Version:      5.1.1
 New Comment:

I was thinking of a customizable portal for instance. It would allow
some users (developers of the actual portal) to add/edit/delete pages or
modules. When the portal is quite large, there would be many devs. Some
may not have access to all parts of the site administration. But what
if a crooked dev wrote a hidden page with a print_r ($db->password); ?

Is such a project beyond the aim of PHP?


Previous Comments:
------------------------------------------------------------------------

[2005-12-27 21:51:03] mega-squall at caramail dot com

I was thinking of a customizable portal for instance. It would allow
some users (developers of the actual portal) to add/edit/delete pages or
modules. When the portal is quite large, there would be many devs. Some
may not have access to all parts of the site administration. But what
if a crooked dev wrote a hidden page with a print_r ($db->password); ?

Is such a project beyond the aim of PHP?

------------------------------------------------------------------------

[2005-12-26 21:19:55] [EMAIL PROTECTED]

Those debugging functions should not be used in production at all...
they are debugging features. And if they cause security problems you're
definitely doing something very wrong...

------------------------------------------------------------------------

[2005-12-26 15:40:25] mega-squall at caramail dot com

Description:
------------
Debug functions (print_r(), var_export()) may access protected/private
elements of objects for debugging purposes, but such a behavior might be
a security hole for some scripts on production status.

I suggest adding a configuration property which may enable or disable
such functions from accessing private/protected elements, for instance
in the php.ini ...



------------------------------------------------------------------------
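
The behaviour discussed in this report, as an added example that is not part of the original thread or of PHP's own code: it checks which introspection paths reveal a private property, and shows that `__debugInfo()` (available from PHP 5.6, so later than the 5.1.1 named in the report) changes what print_r() shows but not var_export(), an array cast or serialize(). The class names and the secret value are constructed for illustration.

```php
<?php
// Added illustration; class names and the secret are constructed.
class Db
{
    private $password;
    public function __construct($password) { $this->password = $password; }
}

// Same class, with __debugInfo() (PHP 5.6+) redacting the field in debug dumps.
class RedactedDb
{
    private $password;
    public function __construct($password) { $this->password = $password; }
    public function __debugInfo() { return array('password' => '[redacted]'); }
}

// Report which introspection paths reveal $secret for the given object.
// None of these calls needs to run inside the class: visibility is checked
// on property access ($obj->password), not on dumping or casting.
function leak_report($obj, $secret)
{
    return array(
        'print_r'    => strpos(print_r($obj, true), $secret) !== false,
        'var_export' => strpos(var_export($obj, true), $secret) !== false,
        'array cast' => in_array($secret, (array) $obj, true),
        'serialize'  => strpos(serialize($obj), $secret) !== false,
    );
}

$secret = 'constructed-secret-value';
foreach (array(new Db($secret), new RedactedDb($secret)) as $obj) {
    echo get_class($obj), "\n";
    foreach (leak_report($obj, $secret) as $path => $leaks) {
        printf("  %-10s %s\n", $path, $leaks ? 'exposes private value' : 'does not expose it');
    }
}
```

Because any code running in the same PHP process can reach the value through one of these paths, keeping a secret from untrusted module authors means keeping it out of objects their code can reach, not relying on `private`.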

