@anonymous-piwik-user opened this Issue on January 17th 2012

You can find the datebase password in the config.ini.php.

Can you pls let piwik encrypt this password?

Thanks =)

@robocoder commented on January 18th 2012 Contributor

Attachment: patch to use environment variables
2870.patch

@robocoder commented on January 18th 2012 Contributor

we don't encrypt because MySQL requires a plaintext password for the connection. The file is protected by .htaccess and .php extension, so it can't be displayed by direct access or local file inclusion.

To decrypt on every php request would add some performance overhead. Also, the question then becomes where to securely store the decryption key?

We could also try allowing the connection info to be set via environment variables (eg in your virtualhost.config), but the password is still physically stored somewhere.

@robocoder commented on January 18th 2012 Contributor

(In [5681]) refs #2870 - add a hook for plugins (or third party integration) to set database config before connection is made

@robocoder commented on January 20th 2012 Contributor

see #2874

@robocoder commented on January 20th 2012 Contributor

(In [5686]) refs #2870

This Issue was closed on January 20th 2012
Powered by GitHub Issue Mirror