Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
List of PHP functions that take password or key arguments
Here is a huge list of functions listed in the PHP manual which take an argument
which contains sensitive data, either directly or as an array element. Use it to
"audit" for statically embedded passwords in "your" codebase. Some of these are
very obscure/deprecated/whatever. The ones with "construct" in the name are
classes called in source like new foo("password");...
http://php.net/manual/en/function.hash-hmac.php
http://www.php.net/manual/en/function.curl-setopt.php
http://php.net/manual/en/function.ssh2-auth-password.php <-- (the note about this not supporting keyboard_interactive from the getgo is just precious)
http://www.php.net/manual/en/function.mysql-connect.php
http://www.php.net/manual/en/function.mysqli-connect.php
http://www.php.net/manual/en/mysqli.construct.php
http://www.php.net/manual/en/pdo.construct.php
http://www.php.net/manual/en/function.oci-connect.php
http://www.php.net/manual/en/function.oci-new-connect.php
http://www.php.net/manual/en/function.oci-pconnect.php
http://php.net/manual/en/function.mysql-pconnect.php
http://www.php.net/manual/en/function.ldap-bind.php
http://www.php.net/manual/en/function.ftp-login.php
http://php.net/manual/en/function.mssql-connect.php
http://www.php.net/manual/en/function.mssql-pconnect.php
http://www.php.net/manual/en/function.ssh2-auth-hostbased-file.php
http://www.php.net/manual/en/function.ssh2-auth-pubkey-file.php
http://www.php.net/manual/en/function.hw-connect.php
http://www.php.net/manual/en/function.svn-auth-set-parameter.php <-- depends on first argument
http://www.php.net/manual/en/function.yaz-connect.php
http://www.php.net/manual/en/function.pg-connect.php
http://www.php.net/manual/en/function.pg-pconnect.php
http://php.net/manual/en/function.imap-open.php
http://www.php.net/manual/en/function.cyrus-authenticate.php
http://www.php.net/manual/en/function.vpopmail-add-user.php
http://www.php.net/manual/en/function.vpopmail-auth-user.php
http://www.php.net/manual/en/function.vpopmail-passwd.php
http://www.php.net/manual/en/function.mcrypt-encrypt.php
http://www.php.net/manual/en/function.mcrypt-decrypt.php
http://www.php.net/manual/en/function.openssl-encrypt.php
http://www.php.net/manual/en/function.openssl-decrypt.php
http://www.php.net/manual/en/function.openssl-private-decrypt.php
http://www.php.net/manual/en/function.openssl-private-encrypt.php
http://www.php.net/manual/en/function.openssl-public-decrypt.php
http://www.php.net/manual/en/function.openssl-public-encrypt.php
http://www.php.net/manual/en/function.kadm5-init-with-password.php
http://www.php.net/manual/en/function.dbx-connect.php
http://www.php.net/manual/en/function.odbc-connect.php
http://www.php.net/manual/en/function.cubrid-connect.php
http://www.php.net/manual/en/function.cubrid-connect-with-url.php
http://www.php.net/manual/en/function.cubrid-connect.php
http://www.php.net/manual/en/function.cubrid-pconnect.php
http://www.php.net/manual/en/function.cubrid-pconnect-with-url.php
http://www.php.net/manual/en/function.ibase-connect.php
http://www.php.net/manual/en/function.ibase-pconnect.php
http://www.php.net/manual/en/function.fbsql-connect.php
http://www.php.net/manual/en/function.fbsql-pconnect.php
http://www.php.net/manual/en/function.fbsql-database-password.php
http://www.php.net/manual/en/function.fbsql-password.php
http://www.php.net/manual/en/function.fbsql-set-password.php
http://www.php.net/manual/en/function.db2-connect.php
http://www.php.net/manual/en/function.db2-pconnect.php
http://www.php.net/manual/en/function.ifx-connect.php
http://www.php.net/manual/en/function.ifx-pconnect.php
http://www.php.net/manual/en/function.ingres-connect.php
http://www.php.net/manual/en/function.ingres-pconnect.php
http://www.php.net/manual/en/function.maxdb-connect.php
http://www.php.net/manual/en/function.maxdb-real-connect.php
http://www.php.net/manual/en/mongoclient.construct.php
http://www.php.net/manual/en/function.ovrimos-connect.php
http://www.php.net/manual/en/function.sqlsrv-connect.php
http://www.php.net/manual/en/function.sybase-connect.php
http://www.php.net/manual/en/function.sybase-pconnect.php
http://www.php.net/manual/en/oauth.construct.php <-- technically "secret" but these things leak all the time
http://www.php.net/manual/en/soapclient.soapclient.php
http://www.php.net/manual/en/varnishadmin.construct.php
http://www.php.net/manual/en/varnishadmin.setsecret.php
http://www.php.net/manual/en/snmp.construct.php
http://www.php.net/manual/en/snmp.setsecurity.php
http://www.php.net/manual/en/stomp.construct.php
http://www.php.net/manual/en/amqpconnection.setpassword.php
http://www.php.net/manual/en/amqpconnection.construct.php
0xabad1dea
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.