mydatery
I'm not talking about an issue with 644 perms. What I'm talking about is that the pw sits there in the file unencrypted in the event that someone hops into the server, just as you mentioned there, Houston. This is especially of concern in the case of shared servers.

Only a 0000 perm will ensure a file can be read by no one; of course, that means your site will only throw error pages too!
DosDawg
mydatery, there are many scripts that have this same type of file. phpnuke, postnuke, e107, jamroom, and basically any other web application that has a cfg file. i think you could be correct, but the probability is unlikely. houston is correct, the iframe injection is not necessarily intended to take down a site, as much as it is to make the site owner's machine a node in their network. security hardening is the responsibility of the site owner and the hosting service provider. at any rate, it wasn't a bad idea to discuss this, and there are many other options that we could embellish upon that could and have granted access to vulnerable websites.


Regards,
DosDawg
ZopfWare
Just out of curiosity, how would you go about encrypting the password that is needed to get into the mysql DB? Would you store it in another mysql table, i.e. a clear password in a file that is used to access a mysql DB that has the encrypted master PW in it?

On most secure systems, or systems that process Credit Card data, they use a hash to store the Credit Card data. This hash requires one to KNOW the passphrase or PIN to actually decode the data that is stored. Although this is extremely secure, how would you use such a security measure with Dolphin?

Just trying to look at the logic of the situation. Dolphin must allow Apache or the user to be able to look at the file in the clear. This is what the file permissions ability of Linux (or Windows) is all about. Otherwise someone would have to always enter in a pass or pin when they got to the site... does this make sense?
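The permission trade-off discussed in this thread (644 on a shared server versus 0000), shown as an added example that is not part of any post: a check on the mode bits of a config file that holds a database password. The function names, finding labels and the sample file are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_mode_bits(mode):
    """Classify the permission bits of a file that stores a DB password."""
    findings = []
    if mode & stat.S_IROTH:
        # Any local account (e.g. another tenant on a shared server) can read it.
        findings.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Someone other than the owner could replace the credentials.
        findings.append("group/other-writable")
    if not mode & (stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH):
        # No non-root account can read it, so the application cannot connect.
        findings.append("unreadable")
    return findings

def audit_config_file(path):
    """Audit a real file on disk using only its stat() mode bits."""
    return audit_mode_bits(stat.S_IMODE(os.stat(path).st_mode))

def demo():
    """Create a constructed sample config and audit it under several modes."""
    results = {}
    fd, path = tempfile.mkstemp(suffix=".inc.php")
    try:
        os.write(fd, b"<?php $db_pass = 'constructed-sample'; ?>\n")
        os.close(fd)
        for mode in (0o644, 0o640, 0o600, 0o000):
            os.chmod(path, mode)
            results[oct(mode)] = audit_config_file(path)
    finally:
        os.unlink(path)
    return results

if __name__ == "__main__":
    for mode, findings in demo().items():
        print(mode, findings or ["ok"])
```

A clean result at 640 or 600 only narrows who can read the file; the password is still stored in clear text for the account the web server runs as.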
 
 