Encrypting the DB Password

Ask questions about your install or get help installing and configuring ProcessMaker 2

Moderator: amosbatto

Posts: 11
Joined: Fri Feb 03, 2017 6:13 pm
Country: United States of America

Encrypting the DB Password

Unread postby richvle » Thu Jan 04, 2018 8:10 pm

Hi. We're trying to encrypt the $dbPass in databases.php and DB_PASS in the db.php files. Any idea on what we can do encrypt that or the file so that someone browsing the server isn't able to see it?

Posts: 5992
Joined: Mon Jun 22, 2009 10:28 am
Country: Bolivia
Location: La Paz

Re: Encrypting the DB Password

Unread postby amosbatto » Thu Jan 04, 2018 11:44 pm

ProcessMaker already uses a weak type of encryption for those passwords. (I don't recall off the top of my head exactly which type of encryption, but it is a type which is reversible to get the original password.)

If you try to login into MySQL with the passwords listed in the databases.php file, then you find that the passwords don't work. At any rate, a hacker would first have to crack Apache security or gain login access to the server to get to the databases.php file in the first place.
Amos B. Batto ♦ ProcessMaker Technical Documentation Writer & Forum Manager ♦ Cofounder of ILLA (http://www.illa-a.org)

Return to “Installation & Configuration”

Who is online

Users browsing this forum: No registered users and 5 guests