Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: Database Info. Security Concerns - cpmFetch - install.php -  (Read 3352 times)

0 Members and 1 Guest are viewing this topic.

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1545
  • aka 'i-imagine'
    • Home Page
Database Info. Security Concerns - cpmFetch - install.php -
« on: November 11, 2009, 03:03:45 pm »

The installation file for cpmFetch will list the contents of the db Config settings to anyone that runs it.

Installation has no restrictions on who can run it. Sensitive cpg information (db name and passwrod) don't appear, however there are rows that look to display Bridging db information.

Without too much more to go on, I would recommend that the file cpmfetch/install.php be deleted after you have installed cpmfetch.

Copied from (someone's) install.php
Code: [Select]
BRIDGE: short_name:
BRIDGE: license_number:
BRIDGE: db_database_name:
BRIDGE: db_hostname:
BRIDGE: db_username:
BRIDGE: db_password:
BRIDGE: full_forum_url:
BRIDGE: relative_path_of_forum_from_webroot:
BRIDGE: relative_path_to_config_file:
BRIDGE: logout_flag:
BRIDGE: use_post_based_groups:
BRIDGE: cookie_prefix:
BRIDGE: table_prefix:
BRIDGE: user_table:
BRIDGE: session_table:



[EDIT]
I have tried a quick test with SMF2.0 bridged to a cpg1.4.25 test gallery and have re-run cpmFetch install.php. It returned/displayed only the value for BRIDGE: short_name:.

I would still recommend deleting install.php fom the cpmfetch folder after a successful installation
[/EDIT]

« Last Edit: November 11, 2009, 06:38:57 pm by i-imagine »
Logged
Pages: [1]   Go Up
 

Page created in 0.079 seconds with 19 queries.