• Hello,

    Why is the MySQL password stored as plaintext in the configuration file? Isn’t it safer to store a (salted) hash of it (say SHA-256)?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The password doesn’t go anywhere. It’s not sent as traffic when folks visit your site. It’s contained within a PHP file, so a troublemaker would have to gain access to the server to be able to read that file and, if they have that level of access, you’ve got worse issues to think of.

    Gotta admit that I can’t think of any software that stores their MySQL password within a hash. Interesting idea though.

    Thread Starter eliben

    (@eliben)

    However, what’s the harm in keeping it as a hash? This way I can protect the password of the database from the people who hacked into the server, or the host company that hosts my DB, for that matter.

    Isn’t this just better in all senses?

    I think it would add a layer of complication that is not needed. However, I could see your idea working as an advanced option.

    It really isn’t needed by the average WordPress user. As theapparatus pointed out, if someone already has access to your server then you have bigger problems to worry about. That being said, I don’t think it’s high on the development team’s TO-DO list. Maybe make a suggestion in the proper forum and see what others think?


The topic ‘DB password plaintext’ is closed to new replies.
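
The first reply rests on the point that the plaintext password is only as exposed as the PHP file that holds it. As an added example (not part of the thread or of WordPress itself), this POSIX shell check reports whether that file's permission bits let other local accounts read or change it; `wp-config.php` and the `DB_PASSWORD` constant are WordPress's own names, while the function names and the sample path are hypothetical.

```shell
#!/bin/sh
# Added example: audit the permission bits of the WordPress config file that
# holds the plaintext DB password. Function names are hypothetical.
# Usage after sourcing: audit_wp_config /path/to/wp-config.php  (sample path)

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# audit_wp_config FILE
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 on error.
audit_wp_config() {
    _cfg=$1
    if [ ! -f "$_cfg" ]; then
        echo "ERROR: $_cfg not found"; return 2
    fi
    # Make sure this really is the file that carries the password.
    if ! grep -Eq "define\([[:space:]]*['\"]DB_PASSWORD['\"]" "$_cfg"; then
        echo "ERROR: no DB_PASSWORD define in $_cfg"; return 2
    fi
    _mode=$(file_mode "$_cfg") || { echo "ERROR: cannot stat $_cfg"; return 2; }
    _m=$((0$_mode))        # leading 0 makes the shell read the bits as octal
    _findings=0

    if [ $((_m & 4)) -ne 0 ]; then
        echo "FAIL: mode $_mode is world-readable; any local account can read the DB password"
        _findings=1
    fi
    if [ $((_m & 2)) -ne 0 ]; then
        echo "FAIL: mode $_mode is world-writable; any local account can replace the credentials"
        _findings=1
    fi
    if [ $((_m & 16)) -ne 0 ]; then   # 020 octal = group write
        echo "FAIL: mode $_mode is group-writable"
        _findings=1
    fi
    if [ $((_m & 32)) -ne 0 ]; then   # 040 octal = group read
        echo "NOTE: mode $_mode is group-readable; confirm only the web server's group is meant to read it"
    fi
    if [ "$_findings" -eq 0 ]; then
        echo "OK: mode $_mode keeps the file away from other local accounts"
    fi
    return "$_findings"
}
```

On shared hosting the file often has to stay readable by the web server's user or group, so a `NOTE` line is a prompt to confirm group membership rather than a failure.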