[wp-hackers] Keeping database connection info safe
Andy Skelton
skeltoac at gmail.com
Sat Feb 25 01:42:40 GMT 2006
On 2/24/06, Joseph Scott <joseph at randomnetworks.com> wrote:
> You are absolutely correct. I must admit that I hadn't though about
> re-including the wp-config.php file. Well that bites. Is there any
> way to really protect against this in either PHP4 or PHP5? I'm
> inclined at this point to say no and that everyone better be scanning
> their plugins for "evil".
That's right. In the absence of technical know-how or trusted
referrals, one cannot trust any code. There is no list of things to
look for. You have to trace every route through the code to discover
cleverly-hidden backdoors.
There has been discussion of a plugin certification procedure but it
never went anywhere. Check the archives if you're interested in
igniting that conversation again.
Andy
More information about the wp-hackers
mailing list