MyBB Hacks

Full Version: Admin Security
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6
is there any way to completely hide the dbname/dbusername like the password is hidden

cause i do not want to disable the template system like all other hosts
(08-19-2010 07:31 AM)ZiNgA BuRgA Wrote: [ -> ]This plugin should be making it difficult, if not impossible, to access the DB password.
If you could say how one can view the DB password with this plugin installed, I would be able to look into it.

Thanks.
sorry if i was unclear

the password IS hidden

but the dbname and dbusername are still accessible...quite simply in fact

Code:
Header Template
host:{$config['database']['hostname']}<br/>
DB:{$config['database']['database']}<br/>
User:{$config['database']['username']}<br/>


is this a secure enough situation ...if it is then i apologize for not understanding

Yes, hostname/username is accessible and I don't see anything anyone could usefully do with it without a password. (that's the entire purpose of a password)
Extra ordinary !
Thanks Yumi !

PHP Code:
function admsec_rm_db_pass() {
	$GLOBALS['mybb']->config['database']['backup_type'] = $GLOBALS['mybb']->config['database']['type'];
	unset($GLOBALS['mybb']->config['database']['password'], $GLOBALS['mybb']->config['database']['type'], $GLOBALS['mybb']->config['database']['username'], $GLOBALS['mybb']->config['database']['database']);
	// unsetting the DB type forces run_shutdown to reload the config
	// TODO: unset for multi-connection setups
}


i added a small bit of code that unsets the username and dbname also

are there any side effects to that

Probably not.  Use it if you don't notice anything going wrong.
If you're wondering why I don't do it, it's because I try to minimize the number of changes I make, to reduce the potential number of conflicts which may occur by other modifications, or changes in the MyBB script in the future.  I deem unsetting those unnecessary, so I don't do it.

Do note that, despite what you may think, it doesn't really improve security, assuming you're using a reasonable password.  At best, it's merely obscurity.
thanks
thx
Should it will be helpful to install in mybb 1.8.22...I don't know much more about securities in this version.

Is it easy to get database username and password?
Thank you.
Pages: 1 2 3 4 5 6
Reference URL's