Re: [Postfixadmin-devel] config.local.php not being read.
Brought to you by:
christian_boltz,
gingerdog
Menu
▾
▴
Re: [Postfixadmin-devel] config.local.php not being read.
|
From: David G. <da...@co...> - 2009-04-13 20:48:36
|
> > We could do it in setup.php like in the Typo3 install tool: > > "Wrong password! The password you entered has md5 hash ......" > > > If they can read hte file, then they can read/write to the > > database.... so there would be bigger things to worry about. > > If an attacker can read config.inc.php (let's say by some vulnerable > other PHP scripts), there's still a difference: > > a) using setup.php with the setup password is easy - just type it. > b) using the database password requires access to phpMyAdmin etc. > which makes it at least slightly harder. > OK. Change to use md5/sha1/whatever (perhaps embed sha1: at the start of the string??) > > Final note: If we want to use md5 for the setup password, we should > switch _now_ so that less users are affected. OK. Well volunteered :) David. -- David Goodwin [ david at codepoets dot co dot uk ] [ http://www.codepoets.co.uk ] |
