Hi all,

 

I'm currently involved in customizing the Open Source CMS Joomla for usage in a secure environment. One of the security requirements is the need to be able to make it as hard as possible for the server administrators to be able to compromise the database.

 

Unfortunately, Joomla (and I guess almost all PHP applications) puts its database connection parameters in the clear in its configuration file. OS file permissions will not help as the SAs will be able to compromise that easily.

 

Has anyone had experience with such a scenario, and any good implementations that you can share over here?

 

Thanks!

 

 

If you can't trust your SAs, who can you trust? Just about anything you do, they'll have access to, won't they?

 

pretty much sums it up...

 

when you get right down to it... everything is accessible to an SA... if they wanted to break a site... they could just delete the config file... simple enough...

Store the configuration file somewhere on your server that your admins do not have permission to. Do not store in the web document root. Change the include paths within the CMS to the new location.

An admin could write a .php script in about 30 seconds that could read and display the contents of any file that another .php script can also read.

 

Encrypt with ioncube: http://www.ioncube.com/

 

However, if your admins can update PHP files then you're pretty much stuffed, as they could output all variables from any part of the system.
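
The placement and permission points raised in the replies above can be checked mechanically. The following is an added example, not code from any poster or from Joomla: `audit_config` and its finding labels are hypothetical names, and the directory layout is constructed in a temporary folder. It reports only exposure to other local accounts and to the web document root; an administrator with root, or one who can edit the PHP files, can still read the credentials, as the thread notes.

```python
import os
import stat
import tempfile

def audit_config(config_path, docroot):
    """Return findings for a credentials file such as configuration.php."""
    findings = []
    cfg = os.path.realpath(config_path)   # resolve symlinks before comparing
    root = os.path.realpath(docroot)
    if os.path.commonpath([cfg, root]) == root:
        findings.append("inside-docroot")
    mode = os.stat(cfg).st_mode
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group-or-world-writable")
    # If "other" cannot traverse the containing directory, the file is
    # unreachable for them whatever its own mode bits say.
    if os.stat(os.path.dirname(cfg)).st_mode & stat.S_IXOTH:
        findings.append("parent-traversable-by-others")
    return findings

def demo():
    """Audit a weak and a tightened placement in a constructed layout."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "htdocs")
        private = os.path.join(base, "private")
        os.mkdir(docroot)
        os.mkdir(private)
        os.chmod(docroot, 0o755)
        os.chmod(private, 0o750)   # owner plus the web server's group only
        weak = os.path.join(docroot, "configuration.php")
        hard = os.path.join(private, "configuration.php")
        for path, mode in ((weak, 0o644), (hard, 0o640)):
            with open(path, "w") as fh:
                fh.write("<?php /* constructed placeholder, no credentials */\n")
            os.chmod(path, mode)
        return audit_config(weak, docroot), audit_config(hard, docroot)

if __name__ == "__main__":
    weak_findings, hard_findings = demo()
    print("in docroot, 0644:", weak_findings)
    print("outside docroot, 0640:", hard_findings)
```

An empty result for the second placement means only that the file is closed to unrelated local accounts; any script executed by the same PHP user can still open it.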
