global user name and password

Questions related to using nuBuilder Forte.

global user name and password

Postby GlenMcCabe » Wed Feb 12, 2020 7:55 am

The globeadmin login and password are visible in nuconfig.php. Is this required? and is it not a security problem?
GlenMcCabe
 
Posts: 30
Joined: Sun Sep 29, 2019 8:10 pm

Re: global user name and password

Postby kev1n » Wed Feb 12, 2020 5:55 pm

Where else should the password be stored?

Read "Why is database password stored in plain text in wp-config.php in WordPress, security issue?" from https://stackoverflow.com/questions/577 ... dpress-sec

The same applies to nuBuilder

If your users can read your wp-config.php you've already lost from a security perspective.

Let's say the database credentials weren't stored in plain text and were, say, stored as an encrypted string that would be decrypted by Wordpress itself. If the potential attacker can read the wp-config.php they can probably read the decryption key as well as there's no reason to suspect that that would be stored any more securely.

When people talk about how up to date security mechanisms use hashing and salting that is only relevant to when you are the effective server. Hashing is a one way process of taking a password and converting it into something that is impossible to reverse back into the password. If you're a client rather than a server, there's no way to get around the fact that you need to have a way of getting the plain text password.
kev1n
 
Posts: 474
Joined: Mon Oct 15, 2018 2:13 am

Re: global user name and password

Postby GlenMcCabe » Wed Feb 12, 2020 6:07 pm

Thanks Kevin

This environment is new to me. I understand what you are saying. I am developing in windows using XAMPP and I am sure when I pass it over to my colleauges to publish the database they will be aware of this.
GlenMcCabe
 
Posts: 30
Joined: Sun Sep 29, 2019 8:10 pm

Re: global user name and password

Postby admin » Mon Feb 17, 2020 9:25 am

.
admin
Site Admin
 
Posts: 3217
Joined: Mon Jun 15, 2009 9:53 am


Return to General