global user name and password

GlenMcCabe · Unread post by **GlenMcCabe** » Tue Feb 11, 2020 11:25 pm

The globeadmin login and password are visible in nuconfig.php. Is this required? and is it not a security problem?

Unread post by **kev1n** » Wed Feb 12, 2020 9:25 am

Where else should the password be stored?

Read "Why is database password stored in plain text in wp-config.php in WordPress, security issue?" from https://stackoverflow.com/questions/577 ... dpress-sec

The same applies to nuBuilder

If your users can read your wp-config.php you've already lost from a security perspective.

Let's say the database credentials weren't stored in plain text and were, say, stored as an encrypted string that would be decrypted by Wordpress itself. If the potential attacker can read the wp-config.php they can probably read the decryption key as well as there's no reason to suspect that that would be stored any more securely.

When people talk about how up to date security mechanisms use hashing and salting that is only relevant to when you are the effective server. Hashing is a one way process of taking a password and converting it into something that is impossible to reverse back into the password. If you're a client rather than a server, there's no way to get around the fact that you need to have a way of getting the plain text password.

GlenMcCabe · Unread post by **GlenMcCabe** » Wed Feb 12, 2020 9:37 am

Thanks Kevin

This environment is new to me. I understand what you are saying. I am developing in windows using XAMPP and I am sure when I pass it over to my colleauges to publish the database they will be aware of this.

Unread post by **admin** » Mon Feb 17, 2020 12:55 am

nuBuilder Forum

global user name and password

global user name and password

Re: global user name and password

Re: global user name and password

Re: global user name and password