dongmeirang4679 2016-09-22 12:19
浏览 75
已采纳

PHP OOP - 可以从外部类访问var_dump的私有变量?

I have a class User with a variable: private $uPass;

I just noticed that when creating an instance of User and I run a var_dump on that instance that it just lists all the private variables? Is there any way to turn this off?

class User
{
    private $uId;
    private $uName;
    private $uPass;
    private $uPowers;

$teamMembers[$count] = new User();

foreach ($teamMembers as $teamMember)
{
    var_dump($teamMember);
}

And then the output just shows everything, including the passwords ... Ofcourse they're encrypted, but still don't want them to be accessible like this!?

What's the correct way to solve this?

  • 写回答

1条回答 默认 最新

  • dongyu6276 2016-09-22 12:26
    关注

    It's doing exactly what it says it does:

    All public, private and protected properties of objects will be returned in the output unless the object implements a __debugInfo() method (implemented in PHP 5.6.0).

    So you can implement a custom __debugInfo method, or alternatively, just stop worrying about it. This is only a security risk if someone has access to your source code, or a serialized copy of the object, both of which are probably signs of a much wider security issue.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 求数据集和代码#有偿答复
  • ¥15 关于下拉菜单选项关联的问题
  • ¥20 java-OJ-健康体检
  • ¥15 rs485的上拉下拉,不会对a-b<-200mv有影响吗,就是接受时,对判断逻辑0有影响吗
  • ¥15 使用phpstudy在云服务器上搭建个人网站
  • ¥15 应该如何判断含间隙的曲柄摇杆机构,轴与轴承是否发生了碰撞?
  • ¥15 vue3+express部署到nginx
  • ¥20 搭建pt1000三线制高精度测温电路
  • ¥15 使用Jdk8自带的算法,和Jdk11自带的加密结果会一样吗,不一样的话有什么解决方案,Jdk不能升级的情况
  • ¥15 画两个图 python或R