HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Qrup 21st June 2006 11:11

phpmyadmin - password in clear text
 
Hi,

Does anyone know why the db_password in file "/home/admispconfig/ispconfig/lib/config.inc.php" is written in clear text? Is that not a security problem?

/Qrup

till 21st June 2006 12:47

Quote:

Originally Posted by Qrup
Does anyone know why the db_password in file "/home/admispconfig/ispconfig/lib/config.inc.php" is written in clear text? Is that not a security problem?

How shall ISPConfig connect to the database without a password? :)

It is no security problem, the file is only accessible by the admispconfig user.

Qrup 21st June 2006 13:22

True true.... I just thought such things would be encrypted in some way.

todvard 21st June 2006 16:26

maybe with md5?

torusturtle 21st June 2006 17:30

Quote:

Originally Posted by todvard
maybe with md5?

md5 is a hash value that can be used to cross check if a password has been written correctly. But a program would still need a password in clear text to generate the md5 hash value.

So there is no way around a clear text password.
Just be sure that the reading permissions for the specific file or folder are set right.

till 21st June 2006 18:28

Quote:

Originally Posted by torusturtle
So there is no way around a clear text password.
Just be sure that the reading permissions for the specific file or folder are set right.

That's exactly the problem. Even if we encrypt the mysql password with a reversible encryption algorithm, we will have to store the password for this encryption somewhere in cleartext. So this won't add any additional security.

falko 21st June 2006 21:37

config.inc.php has permissions of 600 and is owned by admispconfig, so that is the only user that can read the file.
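
Added example (not part of the thread and not ISPConfig code): a Python check for the condition till and falko describe, that the credentials file is a regular file owned by the expected account with no group or other permission bits. The function names and the temporary sample file are assumptions made for the illustration.

```python
import os
import pwd
import stat
import tempfile


def owner_name(uid):
    """Map a uid to a login name; fall back to the number if it has no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def audit_secret_file(path, expected_owner):
    """Return a list of findings; an empty list means owner-only access (e.g. mode 600)."""
    st = os.lstat(path)  # lstat: inspect the path itself, do not follow a symlink
    if stat.S_ISLNK(st.st_mode):
        return [f"{path} is a symlink; audit the file it points to"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path} is not a regular file"]

    findings = []
    owner = owner_name(st.st_uid)
    if owner != expected_owner:
        findings.append(f"owner is {owner}, expected {expected_owner}")

    mode = stat.S_IMODE(st.st_mode)
    # Any group or other bit means accounts besides the owner get access.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:03o} grants group/other access, expected 600")
    return findings


if __name__ == "__main__":
    # Constructed sample: a throwaway file standing in for config.inc.php.
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "config.inc.php")
    with open(sample, "w") as fh:
        fh.write("<?php $db_password = 'constructed-sample-value'; ?>\n")
    me = owner_name(os.getuid())

    os.chmod(sample, 0o644)  # readable by every local account
    print("644:", audit_secret_file(sample, me))
    os.chmod(sample, 0o600)  # the mode falko reports
    print("600:", audit_secret_file(sample, me))
```
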


All times are GMT +2.