- Thu Jan 04, 2018 11:44 pm
ProcessMaker already uses a weak type of encryption for those passwords. (I don't recall off the top of my head exactly which type of encryption, but it is a type which is reversible to get the original password.)
If you try to login into MySQL with the passwords listed in the databases.php file, then you find that the passwords don't work. At any rate, a hacker would first have to crack Apache security or gain login access to the server to get to the databases.php file in the first place.
Amos B. Batto ♦ ProcessMaker Technical Documentation Writer & Forum Manager ♦ Cofounder of ILLA (http://www.illa-a.org)