Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
List of PHP functions that take password or key arguments
Here is a huge list of functions listed in the PHP manual which take an argument
which contains sensitive data, either directly or as an array element. Use it to
"audit" for statically embedded passwords in "your" codebase. Some of these are
very obscure/deprecated/whatever. The ones with "construct" in the name are
classes called in source like new foo("password");... <-- (the note about this not supporting keyboard_interactive from the getgo is just precious) <-- depends on first argument <-- technically "secret" but these things leak all the time
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment