[Mediawiki-l] Security - MediaWiki 1.9.2

Michael Daly mikedaly at magma.ca
Thu Mar 8 03:47:38 UTC 2007


Roger Chrisman wrote:

> Luckily my MySQL pw and username are *above* that in LocalSettings.php 
> so they did not get out.

You can take the passwords and user IDs out of LocalSettings and move 
them to another another file in another directory.  In 
LocalSettings.php, put something like:

   require_once( "externalIncludes/mySQLDetails.php" );

   $wgDBserver         = $db_host;
   $wgDBname           = $db_name;
   $wgDBuser           = $db_user;
   $wgDBpassword       = $db_password;

Then in the directory externalIncludes put a file mySQLDetails.php with 
content:

   <?php
   $db_host="hostname";
   $db_name="dbname";
   $db_user="username";
   $db_password="password";
   ?>

Of course, the actual values are what you are using for your 
configuration.

You can ensure that that directory is not accessible directly so no one 
can view the file.

Mike




More information about the MediaWiki-l mailing list