On 10/15/07, H. Fox <[EMAIL PROTECTED]> wrote: > On 10/15/07, Christophe David <[EMAIL PROTECTED]> wrote: > > > FWIW cleartext passwords in config.php are avoidable if you use > > > ?action=crypt and paste crypted passwords into the file. > > > > This is not relevant for this topic: we are talking about PHP session > > files storing passwords in clear. > > The topic isn't necessarily that specific, considering this is the > pmwiki-users list, not pmwiki-devel. First, here's the part you > chopped out... > > >>On 10/12/07, Maria McKinley <[EMAIL PROTECTED]> wrote: > >>> Yes, I suppose if they could look at /tmp they could also look at > >>> config.php, and get my admin password, which probably should not be > >>> written out in plain text on the server either. > > Not everyone reading this thread -- possibly Maria included -- knows > that you can crypt passwords in config.php. I thought a reminder > about ?action=crypt might be helpful. >
Indeed, had I known, I would have been doing this. Thanks for the tip, and it seems close enough to on-topic to me to be worth posting to the same thread. thanks, maria > Anyone using a managed hosting service (or just about any server with > other users) should be crypting their passwords in config.php whether > they realize it or not. Now maybe some of them are aware of this who > weren't aware before. > > Hagan > > _______________________________________________ > pmwiki-users mailing list > pmwiki-users@pmichaud.com > http://www.pmichaud.com/mailman/listinfo/pmwiki-users > -- Maria Mckinley Scientific Programmer Shadlen Lab Physiology and Biophysics Box 357290 University of Washington (206) 616-3923 [EMAIL PROTECTED] _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users