Am 02.09.2005 um 19:33 schrieb dug:
I've noticed that the admin password to the mySQL db is included in plain text in the LocalSettings.php file in my Wiki directory, which is set to 755, readable and executable by the world. Am I being paranoid, or is this a slightly insecure situation?
That's normal with about every software running on a webserver.
Can the password be encrypted, or is there some other security measure I should take?
Create a new mysql-user for the Mediawiki only or pu tthe LocalSettings-php in a path not accessible for the apache and make sure it's included via php. Advantage is that it's secure against a failure of php but honestly, that happens so seldom that it's not worth the work.
ciao, tom
-- http://de.wikipedia.org/wiki/Benutzer:TomK32 http://www.tomk32.de