forum.coppermine-gallery.net

Support => cpg1.4.x Support => Older/other versions => cpg1.4 cpmFetch by vuud => Topic started by: Joe Carver on November 11, 2009, 03:03:45 pm

Title: Database Info. Security Concerns - cpmFetch - install.php -
Post by: Joe Carver on November 11, 2009, 03:03:45 pm
The installation file for cpmFetch will list the contents of the db Config settings to anyone that runs it.

Installation has no restrictions on who can run it. Sensitive cpg information (db name and passwrod) don't appear, however there are rows that look to display Bridging db information.

Without too much more to go on, I would recommend that the file cpmfetch/install.php be deleted after you have installed cpmfetch.

Copied from (someone's) install.php
Code: [Select]
BRIDGE: short_name:
BRIDGE: license_number:
BRIDGE: db_database_name:
BRIDGE: db_hostname:
BRIDGE: db_username:
BRIDGE: db_password:
BRIDGE: full_forum_url:
BRIDGE: relative_path_of_forum_from_webroot:
BRIDGE: relative_path_to_config_file:
BRIDGE: logout_flag:
BRIDGE: use_post_based_groups:
BRIDGE: cookie_prefix:
BRIDGE: table_prefix:
BRIDGE: user_table:
BRIDGE: session_table:



[EDIT]
I have tried a quick test with SMF2.0 bridged to a cpg1.4.25 test gallery and have re-run cpmFetch install.php. It returned/displayed only the value for BRIDGE: short_name:.

I would still recommend deleting install.php fom the cpmfetch folder after a successful installation
[/EDIT]