Last Updated: February 25, 2016
· gxela

phpinfo() the right way!

This is how to secure any file that calls the phpinfo() function. If the developer passes a GET parameter to the script with the correct value, they will see the server environment information; otherwise the script responds with a 404 Not Found error.

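if (isset($_GET['phpinfo']) && $_GET['phpinfo'] === 'true') {
    phpinfo();                         // correct flag: show the server environment information
} else {
    header("HTTP/1.0 404 Not Found");  // missing or wrong flag: answer as if the file did not exist
}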

2 Responses

Interesting idea, but it might be a bit safer to lock it down based on IP or hostname rather than a simple flag.

Or better still - only allow the script to be run on localhost.

Or better...don't have the script on your public facing server at all!

over 1 year ago ·
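The IP/localhost restriction suggested in the response above, as an added example that is not part of the original post or its comments. `ALLOWED_CLIENTS`, `ip_in_cidr()` and `client_is_allowed()` are hypothetical names, and the loopback-only allow list is an assumption.

```php
<?php
// Added example: serve phpinfo() only to allow-listed client addresses.
const ALLOWED_CLIENTS = ['127.0.0.1/32', '::1/128']; // assumption: loopback only

// True when $ip lies inside $cidr (IPv4 or IPv6). Hypothetical helper.
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts  = explode('/', $cidr, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    // Fail closed on unparsable input and on mixed address families (4 vs 16 bytes).
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $bits = strlen($ipBin) * 8;
    if (isset($parts[1])) {
        // A non-numeric prefix must not silently become /0 (match everything).
        if (!ctype_digit($parts[1]) || (int) $parts[1] > $bits) {
            return false;
        }
        $bits = (int) $parts[1];
    }
    $fullBytes = intdiv($bits, 8);
    $remBits   = $bits % 8;
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    if ($remBits === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $remBits)) & 0xFF; // compare the leading bits of the partial byte
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

function client_is_allowed(string $remoteAddr, array $allowed): bool
{
    foreach ($allowed as $cidr) {
        if (ip_in_cidr($remoteAddr, $cidr)) {
            return true;
        }
    }
    return false;
}

// REMOTE_ADDR is the TCP peer; X-Forwarded-For is client-supplied and is not consulted.
if (PHP_SAPI !== 'cli') {
    if (!client_is_allowed($_SERVER['REMOTE_ADDR'] ?? '', ALLOWED_CLIENTS)) {
        http_response_code(404); // same response as a missing file
        exit;
    }
    phpinfo();
}
```

If PHP runs behind a reverse proxy on the same host, `REMOTE_ADDR` is the proxy's loopback address for every request, so the check passes for all clients; in that setup the restriction has to be enforced at the proxy.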

Very good points and nice elaboration, thanks

over 1 year ago ·