Hi,

Does anyone know why the db_password in file "/home/admispconfig/ispconfig/lib/config.inc.php" is written in clear text? Is that not a security problem?

/Qrup

Does anyone know why the db_password in file "/home/admispconfig/ispconfig/lib/config.inc.php" is written in clear text? Is that not a security problem?

How shall ISPConfig connect to the database without a password :)

It is no security problem, the file is only accessible by the admispconfig user.

True true.... I just thought such things would be encryptetd in some way.

maybe with md5?

maybe with md5?

md5 is a hash value that can be used to cross check if a password has been written correctly. But a program would still need a password in clear text to generate the md5 hash value.

So there is now way around a clear text password.
Just be sure that the reading permission for the specific file or folder are set right.

So there is now way around a clear text password.
Just be sure that the reading permission for the specific file or folder are set right.

Thats exactly the problem. Even if we encrypt the mysql password with a reversible encryption algorithm, we will have to store the password for this encryption anywhere in cleartext. So this wont add any additional security.

config.inc.php has permissions of 600 and is owned by admispconfig, so that is the only user that can read the file.