Jump to content

Replace sensitive information

Andy-H
 Share

Recommended Posts

Andy-H Advanced Member

Andy-H

Posted
Posted

I've seen a couple of people do this, and done it myself a couple of times.

 

 

I know it's down to a user and it's your own fault if you forget to remove sensitive information, but it would be cool if PHPFreaks/SMF could automatically search for mysql(i)_connect, imap_open etc. and * out sensitive paramaters before it posts, I've dropped a few bricks in my time posting mysql passwords lol

Link to comment
https://forums.phpfreaks.com/topic/261130-replace-sensitive-information/
Share on other sites
requinix Prolific Member

requinix

Posted
Posted

That would catch the most common coding style, but couldn't work on the second-most common:

define("DB_HOST", "public server");
define("DB_USERNAME", "something embarrassing");
define("DB_PASSWORD", "something equally embarrassing");

mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD);

Or basically any other mechanism where the actual information isn't directly inline with the function call.

Andy-H Advanced Member

Andy-H

Posted
  • Author
Posted

Yeah but it would help in a lot of cases on here, generally I use that style but keep my defines in a settings.const.php file, but I see alot of people using mysql_query(host, user, pass) on here. Could go as far as checking for variable params and *'ing out the variable definitions?

Philip Advanced Member

Philip

Posted
Posted

Or... people could hit the "Preview" button before posting and see that they had left it in there ;)

 

I'm sorry, but if you're not willing to take the time to check to make sure your post is properly formatted / de-sensitized then you're only asking for trouble. Just my $0.02.

Andy-H Advanced Member

Andy-H

Posted
  • Author
Posted

Or... people could hit the "Preview" button before posting and see that they had left it in there ;)

 

I'm sorry, but if you're not willing to take the time to check to make sure your post is properly formatted / de-sensitized then you're only asking for trouble. Just my $0.02.

I am willing to, but we all make mistakes from time to time. Plus what about noobs posting on here for the first time, they don't know the interface, they don't know the preview button is there, they might be to busy consciously trying not to present themselves as an idiot and overlook this. What's wrong with an SMF magic_quotes_gpc?

 

//Edit

I am willing to, but we all make mistakes from time to time. Plus what about noobs posting on here for the first time, they don't know the interface, they don't know the preview button is there, they might be to busty consciously trying not to present themselves as an idiot and overlook this. What's wrong with an SMF magic_quotes_gpc?

->

I am willing to, but we all make mistakes from time to time. Plus what about noobs posting on here for the first time, they don't know the interface, they don't know the preview button is there, they might be to busy consciously trying not to present themselves as an idiot and overlook this. What's wrong with an SMF magic_quotes_gpc?

 

See lol

Philip Advanced Member

Philip

Posted
Posted
I am willing to, but we all make mistakes from time to time.

Sure, and that is what we are here for (hit report to moderator and we usually fix it pretty quickly.)

 

Plus what about noobs posting on here for the first time, they don't know the interface, they don't know the preview button is there, they might be to busy consciously trying not to present themselves as an idiot and overlook this.

While I can agree to that, the Preview button is literally 4 pixels away from the Post button... :P

 

Man, WTF did you break when editing? haha

Andy-H Advanced Member

Andy-H

Posted
  • Author
Posted

Fair enough but not everyone's that nice, I might see details and truncate their users table.

 

 

I have selective vision, my brain doesn't even process moving the cursor to post and clicking any more, it's in my "muscle memory" lol

 

 

Anyway, I see where this is going so I'll set this topic solved.

 

 

lol

salathe Member

salathe

Posted
Posted

It's often not the OP's fault if their ISP allows access from anywhere on the intertubes, they really should at least have access hostmasks set up on a per MySQL user basis.

 

That said, if anyone does see/make this mistake and wants to alert the moderators, we're happy to edit the post if we haven't seen to it already.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.