[wp-hackers] Keeping database connection info safe
skeltoac at gmail.com
Sat Feb 25 01:42:40 GMT 2006
On 2/24/06, Joseph Scott <joseph at randomnetworks.com> wrote:
> You are absolutely correct. I must admit that I hadn't though about
> re-including the wp-config.php file. Well that bites. Is there any
> way to really protect against this in either PHP4 or PHP5? I'm
> inclined at this point to say no and that everyone better be scanning
> their plugins for "evil".
That's right. In the absence of technical know-how or trusted
referrals, one cannot trust any code. There is no list of things to
look for. You have to trace every route through the code to discover
There has been discussion of a plugin certification procedure but it
never went anywhere. Check the archives if you're interested in
igniting that conversation again.
More information about the wp-hackers