I have a class User with a variable: private $uPass;
I just noticed that when creating an instance of User and I run a var_dump on that instance that it just lists all the private variables? Is there any way to turn this off?
class User
{
private $uId;
private $uName;
private $uPass;
private $uPowers;
$teamMembers[$count] = new User();
foreach ($teamMembers as $teamMember)
{
var_dump($teamMember);
}
And then the output just shows everything, including the passwords ... Ofcourse they're encrypted, but still don't want them to be accessible like this!?
What's the correct way to solve this?
It's doing exactly what it says it does:
All public, private and protected properties of objects will be returned in the output unless the object implements a __debugInfo() method (implemented in PHP 5.6.0).
So you can implement a custom __debugInfo method, or alternatively, just stop worrying about it. This is only a security risk if someone has access to your source code, or a serialized copy of the object, both of which are probably signs of a much wider security issue.