Hi team.
Is there any way to encrypt the DB_config.inc.php file??
I do not wish to show users on that file so any can view where is the database, what is the user and pass.
Regards.
Encrypt db_config.inc.php
Moderators: Amaradana, TurboPT, TL Developers
Re: Encrypt db_config.inc.php
IMHO is a false problem if you use in the right way file permissions AFTER installation, in order to allow JUST to system user that runs webserver to READ this file.
If you do not like this you need to go for a custom development and save the crypt/decrypt key in some place that you need to assure will not be accessible to the users => you are facing same problem again.
If you do not like this you need to go for a custom development and save the crypt/decrypt key in some place that you need to assure will not be accessible to the users => you are facing same problem again.
-
enlaceptolosa
- TestLink user
- Posts: 2
- Joined: Mon Sep 01, 2014 6:15 pm
Re: Encrypt db_config.inc.php
Hi, we deploy testlink in a huge environment, more than 4000 employees. I do not say that anyone have rights to access that server or they have skills to do that or phisicall access to the server, but here we talk about a huge bank, and database is stored into a cluster(where more databases are stored), and sensitive data and confing can be found into the config file, such ip, port, user, pass, LDAP user and pass to bind the AD, etc. For big environments this can be a security issue.
Anyway I will try to make a custom plugin that can do that part. If i succed i will submit that part trough mantis request so can be integrated on next releases.
Thanks
Anyway I will try to make a custom plugin that can do that part. If i succed i will submit that part trough mantis request so can be integrated on next releases.
Thanks