dongmeirang4679 2016-09-22 12:19
浏览 75
已采纳

PHP OOP - 可以从外部类访问var_dump的私有变量?

I have a class User with a variable: private $uPass;

I just noticed that when creating an instance of User and I run a var_dump on that instance that it just lists all the private variables? Is there any way to turn this off?

class User
{
    private $uId;
    private $uName;
    private $uPass;
    private $uPowers;

$teamMembers[$count] = new User();

foreach ($teamMembers as $teamMember)
{
    var_dump($teamMember);
}

And then the output just shows everything, including the passwords ... Ofcourse they're encrypted, but still don't want them to be accessible like this!?

What's the correct way to solve this?

  • 写回答

1条回答 默认 最新

  • dongyu6276 2016-09-22 12:26
    关注

    It's doing exactly what it says it does:

    All public, private and protected properties of objects will be returned in the output unless the object implements a __debugInfo() method (implemented in PHP 5.6.0).

    So you can implement a custom __debugInfo method, or alternatively, just stop worrying about it. This is only a security risk if someone has access to your source code, or a serialized copy of the object, both of which are probably signs of a much wider security issue.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?