Am 02.09.2005 um 19:33 schrieb dug:
I've noticed that the admin password to the mySQL
db is included in
plain
text in the LocalSettings.php file in my Wiki directory, which is
set to
755, readable and executable by the world. Am I being paranoid, or
is this a
slightly insecure situation?
That's normal with about every software running on a webserver.
Can the password be encrypted, or is there some other
security
measure I
should take?
Create a new mysql-user for the Mediawiki only or pu tthe
LocalSettings-php
in a path not accessible for the apache and make sure it's included
via php.
Advantage is that it's secure against a failure of php but honestly,
that happens
so seldom that it's not worth the work.
ciao, tom
--
http://de.wikipedia.org/wiki/Benutzer:TomK32
http://www.tomk32.de