is there any way to completely hide the dbname/dbusername like the password is hidden
cause i do not want to disable the template system like all other hosts
(08-19-2010 07:31 AM)ZiNgA BuRgA Wrote: [ -> ]This plugin should be making it difficult, if not impossible, to access the DB password.
If you could say how one can view the DB password with this plugin installed, I would be able to look into it.
Thanks.
sorry if i was unclear
the password IS hidden
but the dbname and dbusername are still accessible...quite simply in fact
Code:
Header Template
host:{$config['database']['hostname']}<br/>
DB:{$config['database']['database']}<br/>
User:{$config['database']['username']}<br/>
|
is this a secure enough situation ...if it is then i apologize for not understanding
Yes, hostname/username is accessible and I don't see anything anyone could usefully do with it without a password. (that's the entire purpose of a password)
Extra ordinary !
Thanks Yumi !
PHP Code:
function admsec_rm_db_pass() {
$GLOBALS['mybb']->config['database']['backup_type'] = $GLOBALS['mybb']->config['database']['type'];
unset($GLOBALS['mybb']->config['database']['password'], $GLOBALS['mybb']->config['database']['type'], $GLOBALS['mybb']->config['database']['username'], $GLOBALS['mybb']->config['database']['database']);
}
|
i added a small bit of code that unsets the username and dbname also
are there any side effects to that
Probably not. Use it if you don't notice anything going wrong.
If you're wondering why I don't do it, it's because I try to minimize the number of changes I make, to reduce the potential number of conflicts which may occur by other modifications, or changes in the MyBB script in the future. I deem unsetting those unnecessary, so I don't do it.
Do note that, despite what you may think, it doesn't really improve security, assuming you're using a reasonable password. At best, it's merely obscurity.
Should it will be helpful to install in mybb 1.8.22...I don't know much more about securities in this version.
Is it easy to get database username and password?
Thank you.