[wp-hackers] Keeping database connection info safe

Rob r at robm.me.uk
Sat Feb 25 02:52:22 GMT 2006

Joseph Scott wrote:
> You are absolutely correct.  I must admit that I hadn't thought about 
> re-including the wp-config.php file.  Well that bites.  Is there any 
> way to really protect against this in either PHP4 or PHP5?  I'm 
> inclined at this point to say no and that everyone better be scanning 
> their plugins for "evil".  Has anyone put together a list of things 
> that should raise the red flag when they see it in a plugin?
> -- 
> Joseph Scott
> joseph at randomnetworks.com
> http://joseph.randomnetworks.com/

But then what's to stop the inevitable

Plugin Name: Evil

foreach(glob(ABSPATH.'/*') as $file) {



There's no way of stopping malicious code from running other than 
reviewing it before you run.

Rob Miller
http://robm.me.uk/ | http://kantian.co.uk/
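
Added example, not part of the original message or of WordPress: a small review aid that flags the two behaviours raised in this thread (a plugin re-including or reading wp-config.php, and a plugin enumerating ABSPATH) so a reviewer knows where to look first. The rule names, regexes and sample plugin are assumptions constructed for this example.

```python
import re

# Rules cover only the two behaviours raised in this thread. The rule names
# and regexes are assumptions for this example, not an exhaustive list.
RULES = [
    ("includes-wp-config",
     re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*?wp-config", re.I)),
    ("reads-wp-config",
     re.compile(r"\b(?:file_get_contents|fopen|readfile|file)\s*\([^;]*?wp-config", re.I)),
    ("enumerates-abspath",
     re.compile(r"\b(?:glob|opendir|scandir)\s*\([^;]*?\bABSPATH\b", re.I)),
]


def scan_plugin(source):
    """Return sorted (line, rule, snippet) findings for one PHP source string."""
    findings = []
    for name, pattern in RULES:
        # [^;] also matches newlines, so a statement split over lines is caught.
        for m in pattern.finditer(source):
            line = source.count("\n", 0, m.start()) + 1  # 1-based line of match start
            snippet = " ".join(m.group(0).split())       # collapse whitespace
            findings.append((line, name, snippet))
    return sorted(findings)


# Constructed sample plugin source, not taken from any real plugin.
SAMPLE = """<?php
/*
Plugin Name: Sample
*/
require_once(
    ABSPATH . 'wp-config.php'
);
$raw = file_get_contents(ABSPATH . 'wp-config.php');
foreach (glob(ABSPATH . '/*') as $file) {
}
add_action('wp_head', 'sample_head');
"""

if __name__ == "__main__":
    for line, rule, snippet in scan_plugin(SAMPLE):
        print(f"line {line}: {rule}: {snippet}")
```

A match is a prompt for manual review, and an empty result says nothing about whether a plugin is safe.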
