[pmwiki-users] Newbie Alert!!! - basic site security?

Johnny Ernst Nielsen j_e_n_pub at yahoo.dk
Fri Oct 19 14:28:38 CDT 2007


Fredag 19 oktober 2007 20:11 kvad Jeff Schallenberg:
> On 10/19/07, Johnny Ernst Nielsen <j_e_n_pub at yahoo.dk> wrote:
> > $DefaultPasswords['read'] = crypt('readpassword');
>
> That was the one I was missing.
>
> Thank you, Johnny!

You are welcome :o)

One last thing.
It will me more secure if you substitute crypt('password') 
with 'encryptedpassword' like this:

$DefaultPasswords['admin'] = '$1$PFDIJCau$7dTdugPw8o9y6kgMzM3ua0';

If you go to Main.HomePage?action=crypt you can have your password 
encrypted.

Otherwise, anyone gaining access to read your config.php can read your 
password, because it's right there in plain text inside the crypt() 
function.

Best regards :o)

Johnny :o)



More information about the pmwiki-users mailing list