[wp-hackers] Security Vulnerability found - Forum Post
Robert Deaton
false.hopes at gmail.com
Thu Apr 14 11:13:46 GMT 2005
I've always wondered why the info is stored in constants and not a variable
that is unset immediately after the database connection. Any particular
reason?
On 4/14/05, denis at semiologic.com <denis at semiologic.com> wrote:
>
> Quoting Kimmo Suominen <kim at tac.nyc.ny.us>:
>
> > Since one could still save a file (e.g. a plugin or theme component)
> > that outputs the contents of wp-config.php on a web page, is checking
> > for DB_PASSWORD really that useful?
>
> I second that... moreover, you could do all sorts of workarounds like:
>
> echo constant("D"."B"."_"."P"."A"."S"."S"."W"."O"."R"."D");
>
> Ah well... the more paranoid know better than leaving the file editor
> anyway.
>
> --
> Denis
> http://www.semiologic.com
>
--
--Robert Deaton
http://somethingunpredictable.com
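
The two points raised in this thread, as an added PHP example that is not part of the original messages and is not WordPress code: a constant stays readable for the rest of the request while a variable unset after connecting does not, and a literal-string check passes the concatenated line Denis quotes. The credential value, `fake_connect()`, `later_loaded_code()` and `naive_editor_check()` are constructed for illustration, and the check is assumed to be a plain substring match.

```php
<?php
// Added illustration, not WordPress code. All names and values are constructed.

// What the thread describes: the credential is defined as a constant.
define('DB_PASSWORD', 'example-secret');

// Robert's alternative: a plain variable, unset right after connecting.
$db_password = 'example-secret';

// Hypothetical stand-in for the real connect call so the script runs offline.
function fake_connect(string $password): array
{
    return ['connected' => $password !== ''];
}

$link = fake_connect($db_password);
unset($db_password);   // the value is no longer reachable by name

// Simulates code loaded later in the same request (a plugin or theme file).
function later_loaded_code(): array
{
    // Constants are global and cannot be undefined, so a name built at
    // run time resolves from any scope.
    $name = 'DB_' . 'PASSWORD';
    return [
        'constant_readable' => defined($name) && constant($name) !== '',
        'variable_readable' => isset($GLOBALS['db_password']),
    ];
}

// Assumed form of the check under discussion: a literal substring match
// on the edited source. Returns true when the source "looks safe".
function naive_editor_check(string $source): bool
{
    return strpos($source, 'DB_PASSWORD') === false;
}

// The line from Denis's message, held as source text to be checked.
$edited = 'echo constant("D"."B"."_"."P"."A"."S"."S"."W"."O"."R"."D");';

var_dump(later_loaded_code());
var_dump(naive_editor_check($edited));
```

Neither approach changes Kimmo's point: the credentials still sit in wp-config.php, which code saved through the file editor can read directly.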