We serve our customers by provisioning isolated Linux containers with an optimized PHP stack. The php.ini is part of a highly tuned configuration and is not user-configurable. We continually deploy new builds of PHP and you also have the ability to upgrade PHP versions. If you'd like to see a comprehensive list of what's installed with the version of PHP in use by a particular environment, you may use phpinfo. We also have example PHP info for each version of PHP on the platform.
- phpinfo exposes sensitive information like the password to connect to the DB
- If you create a
phpinfofile, delete the file immediately after review
Drupal makes the phpinfo available to privileged users at
Lock environment (if the environment does not currently need to be publicly accessible).
Create a php file with an obscure filename that uses phpinfo.
To minimize the information exposed over the web, omit sensitive sections from the phpinfo output. The recommended way to call
phpinfo(INFO_GENERAL | INFO_CREDITS | INFO_MODULES | INFO_LICENSE);
Visit the file in a web browser to view phpinfo.
Delete the file immediately so you do not expose sensitive information, such as a password, to connect to the DB.
As an alternative to exposing these values on a web accessible URL, you can use Terminus to check these values:
terminus remote:drush <SITE>.<ENV> -- ev "print(phpinfo())"