[wp-hackers] Keeping database connection info safe

Andy Skelton skeltoac at gmail.com
Sat Feb 25 01:42:40 GMT 2006


On 2/24/06, Joseph Scott <joseph at randomnetworks.com> wrote:
> You are absolutely correct.  I must admit that I hadn't thought about
> re-including the wp-config.php file.  Well that bites.  Is there any
> way to really protect against this in either PHP4 or PHP5?  I'm
> inclined at this point to say no and that everyone better be scanning
> their plugins for "evil".

That's right. In the absence of technical know-how or trusted
referrals, one cannot trust any code. There is no list of things to
look for. You have to trace every route through the code to discover
cleverly-hidden backdoors.

There has been discussion of a plugin certification procedure but it
never went anywhere. Check the archives if you're interested in
igniting that conversation again.

Andy

