Database Info. Security Concerns - cpmFetch - install.php - Database Info. Security Concerns - cpmFetch - install.php -
 

News:

CPG Release 1.6.27
change DB IP storage fields to accommodate IPv6 addresses
remove use of E_STRICT (PHP 8.4 deprecated)
update README to reflect new website
align code with new .com CPG website
correct deprecation in captcha

Main Menu

Database Info. Security Concerns - cpmFetch - install.php -

Started by Joe Carver, November 11, 2009, 03:03:45 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Joe Carver

November 11, 2009, 03:03:45 PM Last Edit: November 11, 2009, 06:38:57 PM by i-imagine
The installation file for cpmFetch will list the contents of the db Config settings to anyone that runs it.

Installation has no restrictions on who can run it. Sensitive cpg information (db name and passwrod) don't appear, however there are rows that look to display Bridging db information.

Without too much more to go on, I would recommend that the file cpmfetch/install.php be deleted after you have installed cpmfetch.

Copied from (someone's) install.php
Code Select
BRIDGE: short_name:
BRIDGE: license_number:
BRIDGE: db_database_name:
BRIDGE: db_hostname:
BRIDGE: db_username:
BRIDGE: db_password:
BRIDGE: full_forum_url:
BRIDGE: relative_path_of_forum_from_webroot:
BRIDGE: relative_path_to_config_file:
BRIDGE: logout_flag:
BRIDGE: use_post_based_groups:
BRIDGE: cookie_prefix:
BRIDGE: table_prefix:
BRIDGE: user_table:
BRIDGE: session_table:



[EDIT]
I have tried a quick test with SMF2.0 bridged to a cpg1.4.25 test gallery and have re-run cpmFetch install.php. It returned/displayed only the value for BRIDGE: short_name:.

I would still recommend deleting install.php fom the cpmfetch folder after a successful installation
[/EDIT]

Print
Go Up Pages1
User actions