Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter oasis-k

    (@oasis-k)

    ooops… I thought that was a search box… first time here guys sorry -;)

    I was checking for posts on the plain-text password in wp-config.php. Doesn’t this raise security issues?

    Not really. If you were to navigate to that page directly, all you would get is a blank page. No text is written out to the browser. The file simply executes.

    -tg

    Thread Starter oasis-k

    (@oasis-k)

    But that’s just plain browsing. I was thinking more along the lines of the website being infected with a virus that reads the file contents and reports them to someone. I just posted something on this thread http://wordpress.org/support/topic/44318 about websites infected with a virus that embeds a trojan script in HTML files. I’ve just had to delete installations of an RSS system on 8 websites that got this (not WordPress, although strange things have been happening there as we see in the referenced post).

    On my sites there were .htaccess files and PHP files I didn’t put there! How did they get there? We’re still figuring it out. But if you can do that it’s pretty easy to snoop plain text from a file. Any kind of plain text password on a web server is a vulnerability and best avoided. Especially when everyone in the world knows the name of the file. Unfortunately… with success comes viruses… ask Bill Gates!
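
A defender-side check for the scenario raised in the last reply, added here as an example and not code from the thread or from WordPress: it records a hash baseline of the `.php` and `.htaccess` files in a site directory, then reports files that appear or change and a `wp-config.php` whose mode lets other accounts read it. The function names, the `feeds/` directory and the sample file contents are constructed for illustration.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

WATCHED = (".php", ".htaccess")  # file kinds the last reply reports appearing unexpectedly

def snapshot(root):
    """Map relative path -> SHA-256 for every .php and .htaccess file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.name.endswith(WATCHED)}

def audit(root, baseline):
    """Return findings: watched files added or changed since the baseline, and a
    wp-config.php that is readable/writable by 'other' or writable by group."""
    findings = []
    for rel, digest in snapshot(root).items():
        if rel not in baseline:
            findings.append(("added", rel))
        elif baseline[rel] != digest:
            findings.append(("changed", rel))
    cfg = Path(root) / "wp-config.php"
    if cfg.is_file():
        mode = stat.S_IMODE(cfg.stat().st_mode)
        if mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IWGRP):
            findings.append(("loose-mode", f"wp-config.php {mode:04o}"))
    return findings

def demo():
    """Constructed site tree: take a baseline, then simulate unexpected file changes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "wp-config.php").write_text("<?php define('DB_PASSWORD', 'constructed'); ?>")
        (root / "index.php").write_text("<?php // constructed ?>")
        os.chmod(root / "wp-config.php", 0o644)  # world-readable on purpose
        baseline = snapshot(root)
        (root / "feeds").mkdir()  # hypothetical directory name
        (root / "feeds" / ".htaccess").write_text("# constructed unexpected file\n")
        (root / "index.php").write_text("<?php // constructed, modified ?>")
        return audit(root, baseline)

if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
```

A tighter mode on `wp-config.php` only keeps other local accounts out; code running as the web server user can still read the file, which is why the added/changed report matters.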

  • The topic ‘plain text password’ is closed to new replies.