Skip to content

Instantly share code, notes, and snippets.

@0xabad1dea
Last active December 14, 2015 17:09
Show Gist options
  • Save 0xabad1dea/5119957 to your computer and use it in GitHub Desktop.
Save 0xabad1dea/5119957 to your computer and use it in GitHub Desktop.
List of PHP functions that take password or key arguments
Here is a huge list of functions listed in the PHP manual which take an argument
which contains sensitive data, either directly or as an array element. Use it to
"audit" for statically embedded passwords in "your" codebase. Some of these are
very obscure/deprecated/whatever. The ones with "construct" in the name are
classes called in source like new foo("password");...
http://php.net/manual/en/function.hash-hmac.php
http://www.php.net/manual/en/function.curl-setopt.php
http://php.net/manual/en/function.ssh2-auth-password.php <-- (the note about this not supporting keyboard_interactive from the getgo is just precious)
http://www.php.net/manual/en/function.mysql-connect.php
http://www.php.net/manual/en/function.mysqli-connect.php
http://www.php.net/manual/en/mysqli.construct.php
http://www.php.net/manual/en/pdo.construct.php
http://www.php.net/manual/en/function.oci-connect.php
http://www.php.net/manual/en/function.oci-new-connect.php
http://www.php.net/manual/en/function.oci-pconnect.php
http://php.net/manual/en/function.mysql-pconnect.php
http://www.php.net/manual/en/function.ldap-bind.php
http://www.php.net/manual/en/function.ftp-login.php
http://php.net/manual/en/function.mssql-connect.php
http://www.php.net/manual/en/function.mssql-pconnect.php
http://www.php.net/manual/en/function.ssh2-auth-hostbased-file.php
http://www.php.net/manual/en/function.ssh2-auth-pubkey-file.php
http://www.php.net/manual/en/function.hw-connect.php
http://www.php.net/manual/en/function.svn-auth-set-parameter.php <-- depends on first argument
http://www.php.net/manual/en/function.yaz-connect.php
http://www.php.net/manual/en/function.pg-connect.php
http://www.php.net/manual/en/function.pg-pconnect.php
http://php.net/manual/en/function.imap-open.php
http://www.php.net/manual/en/function.cyrus-authenticate.php
http://www.php.net/manual/en/function.vpopmail-add-user.php
http://www.php.net/manual/en/function.vpopmail-auth-user.php
http://www.php.net/manual/en/function.vpopmail-passwd.php
http://www.php.net/manual/en/function.mcrypt-encrypt.php
http://www.php.net/manual/en/function.mcrypt-decrypt.php
http://www.php.net/manual/en/function.openssl-encrypt.php
http://www.php.net/manual/en/function.openssl-decrypt.php
http://www.php.net/manual/en/function.openssl-private-decrypt.php
http://www.php.net/manual/en/function.openssl-private-encrypt.php
http://www.php.net/manual/en/function.openssl-public-decrypt.php
http://www.php.net/manual/en/function.openssl-public-encrypt.php
http://www.php.net/manual/en/function.kadm5-init-with-password.php
http://www.php.net/manual/en/function.dbx-connect.php
http://www.php.net/manual/en/function.odbc-connect.php
http://www.php.net/manual/en/function.cubrid-connect.php
http://www.php.net/manual/en/function.cubrid-connect-with-url.php
http://www.php.net/manual/en/function.cubrid-connect.php
http://www.php.net/manual/en/function.cubrid-pconnect.php
http://www.php.net/manual/en/function.cubrid-pconnect-with-url.php
http://www.php.net/manual/en/function.ibase-connect.php
http://www.php.net/manual/en/function.ibase-pconnect.php
http://www.php.net/manual/en/function.fbsql-connect.php
http://www.php.net/manual/en/function.fbsql-pconnect.php
http://www.php.net/manual/en/function.fbsql-database-password.php
http://www.php.net/manual/en/function.fbsql-password.php
http://www.php.net/manual/en/function.fbsql-set-password.php
http://www.php.net/manual/en/function.db2-connect.php
http://www.php.net/manual/en/function.db2-pconnect.php
http://www.php.net/manual/en/function.ifx-connect.php
http://www.php.net/manual/en/function.ifx-pconnect.php
http://www.php.net/manual/en/function.ingres-connect.php
http://www.php.net/manual/en/function.ingres-pconnect.php
http://www.php.net/manual/en/function.maxdb-connect.php
http://www.php.net/manual/en/function.maxdb-real-connect.php
http://www.php.net/manual/en/mongoclient.construct.php
http://www.php.net/manual/en/function.ovrimos-connect.php
http://www.php.net/manual/en/function.sqlsrv-connect.php
http://www.php.net/manual/en/function.sybase-connect.php
http://www.php.net/manual/en/function.sybase-pconnect.php
http://www.php.net/manual/en/oauth.construct.php <-- technically "secret" but these things leak all the time
http://www.php.net/manual/en/soapclient.soapclient.php
http://www.php.net/manual/en/varnishadmin.construct.php
http://www.php.net/manual/en/varnishadmin.setsecret.php
http://www.php.net/manual/en/snmp.construct.php
http://www.php.net/manual/en/snmp.setsecurity.php
http://www.php.net/manual/en/stomp.construct.php
http://www.php.net/manual/en/amqpconnection.setpassword.php
http://www.php.net/manual/en/amqpconnection.construct.php
0xabad1dea
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment