Full Version: phpinfo: To show or not to show?
damainman
I didn't think there was much harm in allowing your users to view phpinfo, but searching around and reading around, a lot of people say not to let your users see phpinfo. I've even seen some sites that showed you how to hack using phpinfo, but I'm not exactly sure how old the sites were, so I didn't know if the methods were still effective. So what are your opinions on letting your users view phpinfo?
amnesiac
Why not show it? Users can always make their own phpinfo file.
klaude
I'd recommend disabling the phpinfo() function in your php.ini file. The less the random folks on the Internet know about your server the better.
damainman
Thanks, I will do that then. When editing the php.ini file, would it conflict with cPanel? Just curious.
alex042
It's not just phpinfo that can give away your server specs. Some of the server applications may give it away in other forms also unless you disable those too, i.e. FTP server info when connecting via FTP, or Apache info in forms other than phpinfo, etc.

phpinfo can be useful for not only a hacker, but also a legitimate programmer or application developer. By disabling it, you may make the server more secure, but may frustrate a developer who may need some specific info to get his application to work.
damainman
Is there any way to allow phpinfo on an account basis?
klaude
Hmm.. I can't think of one off the top of my head. You might get by creating a phpinfo file and securing it with .htaccess though.
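
An added example, not part of the original thread: a small Python check for the php.ini change recommended above (phpinfo listed in `disable_functions`), which also flags `expose_php`, a related version-disclosure setting. The sample php.ini contents and the function names `parse_ini` and `audit` are constructed for illustration, and the check reads a single file only, assuming that a later line overrides an earlier one.

```python
# Constructed sample php.ini contents (not taken from the thread).
SAMPLE_WEAK = """\
; constructed sample
[PHP]
expose_php = On
disable_functions =
"""

SAMPLE_HARDENED = """\
[PHP]
expose_php = Off
disable_functions = "exec, PHPINFO ,system"   ; trailing comment
"""


def parse_ini(text):
    """Return {directive: value} for one php.ini text.

    Assumption: when a directive appears twice, the later line wins.
    Per-directory overrides and extra scanned .ini files are not considered.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue  # blank line, comment, or section header
        key, sep, value = line.partition("=")
        if not sep:
            continue
        # Drop a trailing "; comment", then surrounding whitespace and quotes.
        value = value.split(";", 1)[0].strip().strip("\"'")
        settings[key.strip()] = value
    return settings


def audit(text):
    """Return a list of information-disclosure findings (empty if none)."""
    s = parse_ini(text)
    findings = []
    # PHP function names are case-insensitive, so compare in lower case.
    disabled = {f.strip().lower()
                for f in s.get("disable_functions", "").split(",") if f.strip()}
    if "phpinfo" not in disabled:
        findings.append("phpinfo() is callable: add it to disable_functions")
    # expose_php defaults to on; it adds the PHP version to X-Powered-By.
    if s.get("expose_php", "on").lower() in ("on", "1", "true", "yes"):
        findings.append("expose_php is on: PHP version sent in X-Powered-By")
    return findings
```

Calling `audit(open(path).read())` on the php.ini that the server actually loads returns an empty list when both settings are in the hardened state.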