phpmyadmin - password in clear text

Discussion in 'Installation/Configuration' started by Qrup, Jun 21, 2006.

  1. Qrup

    Qrup New Member


    Does anyone know why the db_password in file "/home/admispconfig/ispconfig/lib/" is written in clear text? Is that not a security problem?

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    How shall ISPConfig connect to the database without a password :)

    It is no security problem, the file is only accessible by the admispconfig user.
  3. Qrup

    Qrup New Member

    True true.... I just thought such things would be encryptetd in some way.
  4. todvard

    todvard ISPConfig Developer ISPConfig Developer

    maybe with md5?
  5. torusturtle

    torusturtle ISPConfig Developer ISPConfig Developer

    md5 is a hash value that can be used to cross check if a password has been written correctly. But a program would still need a password in clear text to generate the md5 hash value.

    So there is now way around a clear text password.
    Just be sure that the reading permission for the specific file or folder are set right.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats exactly the problem. Even if we encrypt the mysql password with a reversible encryption algorithm, we will have to store the password for this encryption anywhere in cleartext. So this wont add any additional security.
  7. falko

    falko Super Moderator ISPConfig Developer has permissions of 600 and is owned by admispconfig, so that is the only user that can read the file.

Share This Page