Site Login information stored in database Clear Text

  • Resolved gtm1ldy

    (@gtm1ldy)


    9 years, 3 months ago

    Hello,

    Was trying to disable the backup schedule on my development site and your plugin always defaulted to the live site. I found this interesting so I went into wp_options table and searched for option_value LIKE “%SQL%”.

    3 rows were returned. One of them labeled “ELISQLREPORTS_BACKUP_DB” has clear texst wp-config Login information for the site.

    a:4:{s:7:”DB_NAME”;s:17:”DATABASENAME“;s:7:”DB_HOST”;s:9:”DATABASEHOST“;s:7:”DB_USER”;s:14:”DATABASELOGINNAME“;s:11:”DB_PASSWORD”;s:13:”DATABASEPASSWORD;}

    https://www.ads-software.com/plugins/elisqlreports/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Eli

    (@scheeeli)

    This is the connection information used to make and restore backups to your database. I suppose it would seem safer if I encrypted that info when saving it to the DB.

    I will make a quick patch for that now…

    Plugin Author Eli

    (@scheeeli)

    I have encoded this info in the patch that I uploaded to version 4.11.33. Please delete the version that you have and download the new 4.11.33 and let me know if you spot anything else that could be improved.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Site Login information stored in database Clear Text’ is closed to new replies.