Skip to content

Improve security for our database access #386

Open
Open
Improve security for our database access#386
Assignees
nickssl
Labels
SOCWeb SiteThemis-Artemis web sites at SSL, spedas.orgadminFor administrative/managerial/infrastructure issues
@nickssl

Description

@nickssl
nickssl
opened on Apr 1, 2026

The database username and password appear in many PHP web pages, and has remained the same for many years. Both of these are potentially security issues. The username and the password have probably been already leaked because of backups, files at UCLA, etc.

What we can do is:

  • The username and password should be stored in a separate file outside the web server directories, and that file should be included in the PHP pages.
  • We should change the password because it has been the same for a very long time.

After the first step, the password will be stored in one file only, so it will be easier to change it. Now it is stored in multiple files, so it is much harder to change it.

Metadata

Metadata

Assignees

Labels

SOCWeb SiteThemis-Artemis web sites at SSL, spedas.orgadminFor administrative/managerial/infrastructure issues

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions