[wp-hackers] Keeping database connection info safe

[Joseph Scott]

I've been thinking about WordPress plugins and came up some issues on  
keeping database connection information safe.  In wp-config.php all  
of the details needed to connect to the MySQL database are defined()  
as constants.  This makes it very easy for the $wpdb object to do its  
thing.  But once the database connection has been established, do we  
really need to have those constants still floating around?

It would be very easy to include some malicious code in a plugin that  
would attempt to email out those details to "bad people".  So my  
first thought was to simply undefine the database connection info  
once a successful database connection has been established.  It  
doesn't look like this is possible though, according to the PHP  
constants docs (at http://us2.php.net/manual/en/ 
language.constants.php).  Once a constant has been defined it can  
never, ever be changed or undefined, hence the term constant :-)

So perhaps there should be some discussion on setting the database  
connection information in a way that can be latter undefined once the  
database connection has been established.  May be something as simple  
as an array?  Something like:

$db_info["host"] = "localhost";
$db_info["user"] = "awesome";
$db_info["password"] = "133t";
$db_info["name"] = "cool_blog";

After the database connection is done a call to unset($db_info) or  
$db_info = "" or $db_info = array() would be enough to zap that info.

I realize there is a certain amount of trust when a user activates a  
plugin and there isn't really a way to prevent a plugin from shooting  
a user in the foot, but we can take some small steps to eliminate the  
potential risks.  No this won't prevent a plugin from trashing a  
database (since they'll still have access to the database  
connection), but it could prevent sensitive data from getting out.

Comments, thoughts, ideas?

--
Joseph Scott
joseph at randomnetworks.com
http://joseph.randomnetworks.com/