[wp-hackers] Security Vulnerability found - Forum Post
denis at semiologic.com
denis at semiologic.com
Thu Apr 14 08:27:11 GMT 2005
Quoting Kimmo Suominen <kim at tac.nyc.ny.us>:
> Since one could still save a file (e.g. a plugin or theme component)
> that outputs the contents of wp-config.php on a web page, is checking
> for DB_PASSWORD really that useful?
i second that... moreover, you could do all sorts of workarounds like:
echo constant("D"."B"."_"."P"."A"."S"."S"."W"."O"."R"."D");
ah well... the more paranoid know better than leaving the file editor anyway.
--
Denis
http://www.semiologic.com
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the wp-hackers
mailing list