PECL/mysqlnd_uh gives users access to MySQL user names, MySQL
password used by any of the PHP MySQL extensions to connect to
MySQL. It allows monitoring of all queries and prepared statements
exposing the statement string to the user. Therefore, the
extension should be installed with care. The
PHP_INI_SYSTEM configuration setting
can be used to prevent users from hooking mysqlnd calls.
Code obfuscators and similar technologies are not suitable to prevent monitoring of mysqlnd library activities if PECL/mysqlnd_uh is made available and the user can install a proxy, for example, using auto_prepend_file.
Copyright © 1997, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices