dongmeirang4679 2016-09-22 12:19
浏览 75
已采纳

PHP OOP - 可以从外部类访问var_dump的私有变量?

I have a class User with a variable: private $uPass;

I just noticed that when creating an instance of User and I run a var_dump on that instance that it just lists all the private variables? Is there any way to turn this off?

class User
{
    private $uId;
    private $uName;
    private $uPass;
    private $uPowers;

$teamMembers[$count] = new User();

foreach ($teamMembers as $teamMember)
{
    var_dump($teamMember);
}

And then the output just shows everything, including the passwords ... Ofcourse they're encrypted, but still don't want them to be accessible like this!?

What's the correct way to solve this?

  • 写回答

1条回答 默认 最新

  • dongyu6276 2016-09-22 12:26
    关注

    It's doing exactly what it says it does:

    All public, private and protected properties of objects will be returned in the output unless the object implements a __debugInfo() method (implemented in PHP 5.6.0).

    So you can implement a custom __debugInfo method, or alternatively, just stop worrying about it. This is only a security risk if someone has access to your source code, or a serialized copy of the object, both of which are probably signs of a much wider security issue.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 想问一下树莓派接上显示屏后出现如图所示画面,是什么问题导致的
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
  • ¥15 cmd cl 0x000007b
  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line
  • ¥500 火焰左右视图、视差(基于双目相机)
  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号