
global user name and password

Posted: Tue Feb 11, 2020 11:25 pm
by GlenMcCabe
The globeadmin login and password are visible in nuconfig.php. Is this required? And is it not a security problem?

Re: global user name and password

Posted: Wed Feb 12, 2020 9:25 am
by kev1n
Where else should the password be stored?

Read "Why is database password stored in plain text in wp-config.php in WordPress, security issue?" from https://stackoverflow.com/questions/577 ... dpress-sec

The same applies to nuBuilder.
If your users can read your wp-config.php you've already lost from a security perspective.

Let's say the database credentials weren't stored in plain text and were, say, stored as an encrypted string that would be decrypted by WordPress itself. If the potential attacker can read the wp-config.php they can probably read the decryption key as well, as there's no reason to suspect that that would be stored any more securely.

When people talk about how up-to-date security mechanisms use hashing and salting, that is only relevant to when you are the effective server. Hashing is a one-way process of taking a password and converting it into something that is impossible to reverse back into the password. If you're a client rather than a server, there's no way to get around the fact that you need to have a way of getting the plain text password.
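
Added example, not part of the post above and not nuBuilder or WordPress code: it contrasts the verifier role, where a salted hash is enough, with the client role, where an encrypted config entry plus a key stored beside it still gives the plaintext to anyone who can read both. All names, the sample passwords and the toy cipher (HMAC-SHA256 in counter mode, standing in for real encryption) are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password, salt=None):
    """Verifier (server) role: keep only salt + PBKDF2 digest."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(candidate, salt, digest):
    """A login is checked by re-hashing; the password is never recovered."""
    check = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(check, digest)

def _keystream(key, nonce, length):
    # Toy stream cipher (HMAC-SHA256 in counter mode) standing in for real
    # encryption so the example needs only the standard library.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_secret(key, plaintext):
    nonce = os.urandom(16)
    data = plaintext.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt_secret(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))).decode()

def build_app_files(db_password):
    """Constructed stand-in for the files the web app reads at startup."""
    key = os.urandom(32)
    return {"config": encrypt_secret(key, db_password), "keyfile": key}

def load_db_password(files):
    """Client role: the app must end up with the plaintext to log in to the
    database, so anyone who can read the same two files gets it as well."""
    return decrypt_secret(files["keyfile"], files["config"])

if __name__ == "__main__":
    salt, digest = hash_password("constructed-user-pw")
    print(verify_password("constructed-user-pw", salt, digest))  # verifier side
    files = build_app_files("constructed-db-pw")
    print(load_db_password(files))  # client side: plaintext comes back
```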

Re: global user name and password

Posted: Wed Feb 12, 2020 9:37 am
by GlenMcCabe
Thanks Kevin

This environment is new to me. I understand what you are saying. I am developing in Windows using XAMPP and I am sure when I pass it over to my colleagues to publish the database they will be aware of this.

Re: global user name and password

Posted: Mon Feb 17, 2020 12:55 am
by admin
.