Home/ Questions/Q 6078555
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T10:50:49+00:00

Is it possible to obfuscate or remove environment variables from phpinfo? If not, is

  • 0

Is it possible to obfuscate or remove environment variables from phpinfo?

If not, is the only alternative to display the phpinfo function?

Thinking about it further, someone could easily print_r($_SERVER) and get the credentials as well. What would be a solution to this?

clarification
This is in regards to Apache Environment Variables.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The Suhosin patch does this:

    Ignores GET, POST, COOKIE variables with the following names:
    GLOBALS, _COOKIE, _ENV, _FILES, _GET, _POST, _REQUEST
    _SERVER, _SESSION, HTTP_COOKIE_VARS, HTTP_ENV_VARS
    HTTP_GET_VARS, HTTP_POST_VARS, HTTP_POST_FILES
    HTTP_RAW_POST_DATA, HTTP_SERVER_VARS, HTTP_SESSION_VARS

    other than that, I am not aware of a way to cleanly hide those variables.

    That said, it shouldn’t be really necessary in the first place – external visitors shouldn’t be able to run phpinfo(), or dump arbitrary variables.

    • 0