Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 21st June 2006, 11:11
Qrup Qrup is offline
Member
 
Join Date: Feb 2006
Posts: 39
Thanks: 0
Thanked 0 Times in 0 Posts
Default phpmyadmin - password in clear text

Hi,

Does anyone know why the db_password in file "/home/admispconfig/ispconfig/lib/config.inc.php" is written in clear text? Is that not a security problem?

/Qrup
Reply With Quote
Sponsored Links
  #2  
Old 21st June 2006, 12:47
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,788
Thanks: 840
Thanked 5,612 Times in 4,423 Posts
Default

Quote:
Originally Posted by Qrup
Does anyone know why the db_password in file "/home/admispconfig/ispconfig/lib/config.inc.php" is written in clear text? Is that not a security problem?
How shall ISPConfig connect to the database without a password

It is no security problem, the file is only accessible by the admispconfig user.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 21st June 2006, 13:22
Qrup Qrup is offline
Member
 
Join Date: Feb 2006
Posts: 39
Thanks: 0
Thanked 0 Times in 0 Posts
Default

True true.... I just thought such things would be encryptetd in some way.
Reply With Quote
  #4  
Old 21st June 2006, 16:26
todvard todvard is offline
Member
 
Join Date: Aug 2005
Posts: 85
Thanks: 1
Thanked 6 Times in 5 Posts
Default

maybe with md5?
Reply With Quote
  #5  
Old 21st June 2006, 17:30
torusturtle torusturtle is offline
Senior Member
 
Join Date: Apr 2006
Posts: 296
Thanks: 21
Thanked 24 Times in 16 Posts
Send a message via ICQ to torusturtle Send a message via AIM to torusturtle
Default

Quote:
Originally Posted by todvard
maybe with md5?
md5 is a hash value that can be used to cross check if a password has been written correctly. But a program would still need a password in clear text to generate the md5 hash value.

So there is now way around a clear text password.
Just be sure that the reading permission for the specific file or folder are set right.
Reply With Quote
  #6  
Old 21st June 2006, 18:28
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,788
Thanks: 840
Thanked 5,612 Times in 4,423 Posts
Default

Quote:
Originally Posted by torusturtle
So there is now way around a clear text password.
Just be sure that the reading permission for the specific file or folder are set right.
Thats exactly the problem. Even if we encrypt the mysql password with a reversible encryption algorithm, we will have to store the password for this encryption anywhere in cleartext. So this wont add any additional security.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Where is the user password saved torusturtle Installation/Configuration 2 20th June 2006 15:40
perfect setup suse 10 - phpmyadmin & mysql question reddog Server Operation 7 17th June 2006 13:59
phpmyadmin password hash montezuma Installation/Configuration 5 14th June 2006 14:57
Can't add databases using phpMyAdmin tristanlee85 General 1 19th May 2006 09:45
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 23:40


All times are GMT +2. The time now is 23:51.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.