MyBB Hacks

MyBB Hacks > MyBB Plugins > Admin Security
Full Version: Admin Security
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6

Captain Pretender

08-19-2010, 01:18 PM
is there any way to completely hide the dbname/dbusername like the password is hidden

cause i do not want to disable the template system like all other hosts

ZiNgA BuRgA

08-19-2010, 01:39 PM
(08-19-2010 07:31 AM)ZiNgA BuRgA Wrote: [ -> ]This plugin should be making it difficult, if not impossible, to access the DB password.
If you could say how one can view the DB password with this plugin installed, I would be able to look into it.

Thanks.

Captain Pretender

08-19-2010, 01:48 PM
sorry if i was unclear

the password IS hidden

but the dbname and dbusername are still accessible...quite simply in fact

Code: 
Header Template
host:{$config['database']['hostname']}<br/>
DB:{$config['database']['database']}<br/>
User:{$config['database']['username']}<br/>


is this a secure enough situation ...if it is then i apologize for not understanding

ZiNgA BuRgA

08-19-2010, 01:55 PM
Yes, hostname/username is accessible and I don't see anything anyone could usefully do with it without a password. (that's the entire purpose of a password)

Imran

08-26-2010, 10:38 AM
Extra ordinary !
Thanks Yumi !

Captain Pretender

08-30-2010, 04:48 PM

PHP Code: 
function admsec_rm_db_pass() {
	$GLOBALS['mybb']->config['database']['backup_type'] = $GLOBALS['mybb']->config['database']['type'];
	unset($GLOBALS['mybb']->config['database']['password'], $GLOBALS['mybb']->config['database']['type'], $GLOBALS['mybb']->config['database']['username'], $GLOBALS['mybb']->config['database']['database']);
	// unsetting the DB type forces run_shutdown to reload the config
	// TODO: unset for multi-connection setups
}


i added a small bit of code that unsets the username and dbname also

are there any side effects to that

ZiNgA BuRgA

08-30-2010, 05:37 PM
Probably not.  Use it if you don't notice anything going wrong.
If you're wondering why I don't do it, it's because I try to minimize the number of changes I make, to reduce the potential number of conflicts which may occur by other modifications, or changes in the MyBB script in the future.  I deem unsetting those unnecessary, so I don't do it.

Do note that, despite what you may think, it doesn't really improve security, assuming you're using a reasonable password.  At best, it's merely obscurity.

Captain Pretender

08-30-2010, 06:02 PM
thanks

xxvirusxx

02-12-2011, 10:11 PM
thx

WINBOY

06-25-2020, 09:36 PM
Should it will be helpful to install in mybb 1.8.22...I don't know much more about securities in this version.

Is it easy to get database username and password?
Thank you.
Pages: 1 2 3 4 5 6
MyBB Hacks > MyBB Plugins > Admin Security
Reference URL's