[Mediawiki-l] encrypt mySQL password?
Thomas Koll
tomk32 at gmx.de
Fri Sep 2 17:45:45 UTC 2005
Am 02.09.2005 um 19:33 schrieb dug:
> I've noticed that the admin password to the mySQL db is included in
> plain
> text in the LocalSettings.php file in my Wiki directory, which is
> set to
> 755, readable and executable by the world. Am I being paranoid, or
> is this a
> slightly insecure situation?
That's normal with about every software running on a webserver.
> Can the password be encrypted, or is there some other security
> measure I
> should take?
Create a new mysql-user for the Mediawiki only or pu tthe
LocalSettings-php
in a path not accessible for the apache and make sure it's included
via php.
Advantage is that it's secure against a failure of php but honestly,
that happens
so seldom that it's not worth the work.
ciao, tom
--
http://de.wikipedia.org/wiki/Benutzer:TomK32
http://www.tomk32.de
More information about the MediaWiki-l
mailing list