[MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

Tim Starling tstarling at wikimedia.org
Mon Jul 3 05:22:40 UTC 2017


On 02/07/17 08:22, Jean Valjean wrote:
> Well I did take my passwords out of webroot.
> https://www.mediawiki.org/wiki/Manual:Securing_database_passwords#Keep_MySQL_Passwords_Out_Of_Webroot

That doesn't help. It's trivial to get the MySQL password, you can
just do "echo $wgDBpassword", not that it is necessary to do anything
that an attacker might want to do.

-- Tim Starling




More information about the MediaWiki-l mailing list