Is there a means NOT to put the database password in plain text | WordPress.org

azumi123
(@azumi123)

11 years, 12 months ago

the wp-config.php file is storing the database password
in plain text.

Is there a means not to do this?
If not can I suggest one be created asap please?

thanks

A.

Viewing 1 replies (of 1 total)

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

🏳️‍🌈 Advisor and Activist

11 years, 12 months ago

No.

And … please, suggest away, but there’s no way to do it.

Secure File Permissions Matter

WordPress, like all other web applications, must store database connection info in clear text. Encrypting credentials doesn’t matter because the keys have to be stored where the web server can read them in order to decrypt the data. If a malicious user has access to the file system — like they appeared to have in this case — it is trivial to obtain the keys and decrypt the information. When you leave the keys to the door in the lock, does it help to lock the door?”

Viewing 1 replies (of 1 total)

The topic ‘Is there a means NOT to put the database password in plain text’ is closed to new replies.

Tags

In: Requests and Feedback
1 reply
2 participants
Last reply from: Ipstenu (Mika Epstein)
Last activity: 11 years, 12 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics