dongmeirang4679 2016-09-22 12:19
浏览 75
已采纳

PHP OOP - 可以从外部类访问var_dump的私有变量?

I have a class User with a variable: private $uPass;

I just noticed that when creating an instance of User and I run a var_dump on that instance that it just lists all the private variables? Is there any way to turn this off?

class User
{
    private $uId;
    private $uName;
    private $uPass;
    private $uPowers;

$teamMembers[$count] = new User();

foreach ($teamMembers as $teamMember)
{
    var_dump($teamMember);
}

And then the output just shows everything, including the passwords ... Ofcourse they're encrypted, but still don't want them to be accessible like this!?

What's the correct way to solve this?

  • 写回答

1条回答 默认 最新

  • dongyu6276 2016-09-22 12:26
    关注

    It's doing exactly what it says it does:

    All public, private and protected properties of objects will be returned in the output unless the object implements a __debugInfo() method (implemented in PHP 5.6.0).

    So you can implement a custom __debugInfo method, or alternatively, just stop worrying about it. This is only a security risk if someone has access to your source code, or a serialized copy of the object, both of which are probably signs of a much wider security issue.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 阿里云python代码求解
  • ¥20 有人知道这种图怎么画吗?
  • ¥15 pyqt6如何引用qrc文件加载里面的的资源
  • ¥15 安卓JNI项目使用lua上的问题
  • ¥20 RL+GNN解决人员排班问题时梯度消失
  • ¥15 统计大规模图中的完全子图问题
  • ¥15 使用LM2596制作降压电路,一个能运行,一个不能
  • ¥60 要数控稳压电源测试数据
  • ¥15 能帮我写下这个编程吗
  • ¥15 ikuai客户端l2tp协议链接报终止15信号和无法将p.p.p6转换为我的l2tp线路