Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Question about database password in configure.php


sgreiner

Recommended Posts

When I completed the original install of OSC, the configure.php file has my DB password listed, but it is encrpyted. After I reinstalled my site and uploaded my backup files, I can't connect to the DB due to invalid password. I went in and changed the password in the configure.php file, but it is in plain text now. I can connect ok now. The question is can anyone view the configure.php file and see my password? Is there a way to have OSC write this password back to the configure.php file so it appears encrypted again rather the plain text?

"There is no doubt about precisely when folks began racing each other in automobiles. It was the day they built the second automobile." - Richard Petty

Link to comment
Share on other sites

Normally the password is not encrypted in the config files. Should be fine. Make sure you have the configure.php files chmod'd to 644 and it should be fine.

 

people will see this if trying to get to the file:

 

Click to see a 644 CHMOD'd file

 

Forbidden

You don't have permission to access /vcom/includes/configure.php on this server.

 

 

 

When I completed the original install of OSC, the configure.php file has my DB password listed, but it is encrpyted.  After I reinstalled my site and uploaded my backup files, I can't connect to the DB due to invalid password. I went in and changed the password in the configure.php file, but it is in plain text now. I can connect ok now. The question is can anyone view the configure.php file and see my password? Is there a way to have OSC write this password back to the configure.php file so it appears encrypted again rather the plain text?

Link to comment
Share on other sites

Maybe encrypted is not the right word to use. Let me say it this way. After I first installed OSC, I had to create a password for my database. Lets say that I use the password tomahawk. In configure.php here is how the line reads:

define('DB_SERVER_PASSWORD', 'ed4rdfeDfDSf');

 

After I remade my site, I uploaded all my modified files, including configure.php ( both the catalog and admin versions) After I did that, I could not open the connection to the database because of a bad password. I went in a manually changed the password from "ed4rdfeDfDSf" to "tomahawk" in both files and all is fine.

 

My questions are:

1. Can anyone get access to this file and see my password?

2. Is there a procedure that would go into the configure.php file(s) and change the password back to an "encrypted" state?

 

Let me also say that I installed OSC from cPanel using Fantastico. I know that a normal install of OSC has an install folder that you can run the install script. I did not do it that way. Maybe this has something to do with it.

"There is no doubt about precisely when folks began racing each other in automobiles. It was the day they built the second automobile." - Richard Petty

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...