Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Sercurityissue: Mysql-Password stored in mydomain/catalog/includes/configure.php


Guest

Recommended Posts

Hallo there. I'm a newbe in thinks like oscommerce, and i have configured my webshop without ssl(because of my nice hosting)...

 

My question is, if it is not dangerous to put the loging, servername and password in the /catalog/includes/configure.php?

 

Have i made something wrong?

 

kindly regards :-"

Link to comment
Share on other sites

Hallo there. I'm a newbe in thinks like oscommerce, and i have configured my webshop without ssl(because of my nice hosting)...

 

My question is, if it is not dangerous to put the loging, servername and password in the /catalog/includes/configure.php?

 

Have i made something wrong?

 

kindly regards :-"

 

Your concern is right.

That is the way in OSC. Since this file is not visible on Internet (Well to normal visitors nothing is safefrom hackers ;) ) so you can feel safe.

 

It would be betterif we can have a UNIX like Password storing mechanism...

Any taker for it?

Link to comment
Share on other sites

  • 3 weeks later...
Your concern is right.

That is the way in OSC. Since this file is not visible on Internet (Well to normal visitors nothing is safefrom hackers ;) ) so you can feel safe.

 

It would be betterif we can have a UNIX like Password storing mechanism...

Any taker for it?

 

no. i think i didn't know what a taker is. But thank you very much for your answer.

 

bye

Link to comment
Share on other sites

...if it is not dangerous to put the loging, servername and password in the /catalog/includes/configure.php...

User name & pw alone, withh the db_server normally being localhost or 127.0.0.1, would not be much useful for nayone who want to connect to your db server: you still need to know the full url to the database server. But if you host tells/requires you to store that full url in the configure.php, then that's unnecessary/stupid/wrong, and you'd ask why or consider changing hosts.

 

Ken

commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who need some professional help: either PM/email me, or go to my website (URL can be found in my profile).

over 20 years of computer programming experience.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...