safe to show PHP info - phpinfo () ?

jramaro
Forum Commoner
Posts: 58
Joined: Tue Jun 26, 2007 7:46 am

Post by jramaro »

Hi,
I'm talking to an outside coder guy about writing some GnuPG code to interact with PHP mail forms.
He wants to see a copy of phpinfo().

Is there anything in that display that could be used maliciously?

Anything you wouldn't want outside sources to see?

Thank You
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Post by Jonah Bron »

I'm not totally sure, but I would read phpinfo() myself, and ask him specifically what information he needs me to give him. I know one thing it reveals: the directories all the way down to the PHP installation, but there might be more...
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada

Post by Kieran Huggins »

if you think about it, you're trusting a developer with a lot more than a *look* at your server...

but yes, a phpinfo is pretty safe to share.
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Kieran Huggins wrote:
> if you think about it, you're trusting a developer with a lot more than a *look* at your server...
>
> but yes, a phpinfo is pretty safe to share.

It is not safe to share, and you likely should not. Divulging path information and other setting configurations can give useful information on where to start the attack :)

Will sharing it probably cause harm to the one guy? Probably not..
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

It could be potentially unsafe, but it would boil down to the security of your server and applications. The settings alone pose no threat.

It would only give a potential attacker places to start, which in some cases, is more than they had to begin with.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
jramaro
Forum Commoner
Posts: 58
Joined: Tue Jun 26, 2007 7:46 am

Post by jramaro »

Ah, thanks.

I think I will ask him what he needs to see specifically then,
and then I'll let ya know what it is.

Thank You
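
One way to act on the advice in this thread is to send a short, selective report instead of the full phpinfo() page; the script below is an added example, not code posted by anyone in the thread. The choice of extensions, functions and ini keys is an assumption about what a developer writing GnuPG mail-form code would ask for, and `redact_paths()` and `build_report()` are hypothetical helper names.

```php
<?php
// Added example: report only the facts a developer asked for, with
// filesystem paths masked, instead of sharing full phpinfo() output.

// Replace absolute Unix or Windows paths with a marker so the server's
// directory layout is not disclosed.
function redact_paths(string $value): string
{
    return preg_replace('~(?:[A-Za-z]:\\\\|/)[^\s,;:]+~', '[path redacted]', $value);
}

function build_report(): array
{
    $report = [
        'php_version' => PHP_VERSION,
        'sapi'        => PHP_SAPI,
        'os'          => PHP_OS,
    ];

    // Assumed list: extensions relevant to GnuPG and mail handling.
    foreach (['gnupg', 'openssl', 'mbstring'] as $ext) {
        $report['extensions'][$ext] = extension_loaded($ext);
    }

    // Functions the code might use to send mail or call a gpg binary.
    // Checked against disable_functions as well as function_exists().
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    foreach (['mail', 'proc_open', 'exec'] as $fn) {
        $report['functions'][$fn] = function_exists($fn) && !in_array($fn, $disabled, true);
    }

    // Selected ini values; any path inside them is masked. An unset or
    // unknown key is reported as an empty string.
    foreach (['sendmail_path', 'open_basedir', 'include_path'] as $key) {
        $report['ini'][$key] = redact_paths((string) ini_get($key));
    }

    return $report;
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
print_r(build_report());
```

Read the output before sending it, and delete the script from the web root afterwards so it is not left reachable.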