[wp-hackers] Security Vulnerability found - Forum Post

Robert Deaton false.hopes at gmail.com
Thu Apr 14 19:26:27 GMT 2005

PHP has this nice feature for variables called unset. unset('varname') and 
you don't have to worry about the rest of the script being able to access 
it. Call unset on the variables right after the database connection is 
established and then it guarantees that you can't access them elsewhere 
(minus inside the wpdb class if they're stored there, and if so, it could be 
made not to store them there and not lose any functionality).

On 4/14/05, Amit Gupta <amit at igeek.info> wrote:
>  well, loading the wp-config file will re-create the variable, no? ;)
> but it can be made like if connection exists, then the wp-config file is 
> not loaded else load it. stil then, the db user/password is still hard-coded 
> into the wp-config. ;)
> -----
> Amit Gupta
> || Canned!! -- my Atropine <http://blog.igeek.info/> || iG:Syntax Hiliter 
> v2.01<http://blog.igeek.info/still-fresh/2004/11/22/igsyntax-hiliter-2-final/>||
> || iGEEK.INFO <http://www.igeek.info/> || Free Nokia Ringtones<http://www.igeek.info/ringtones.php>|| Online 
> Gaming @ Games Planet <http://www.igeek.info/games.php> || 
> ---------- Original Message from "Robert Deaton" <false.hopes at gmail.com> 
> ----------
> I've always wondered why the info is stored in constants and not a 
> variable that is unset
> immediately after the database connection. Any particular reason?
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

--Robert Deaton
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://comox.textdrive.com/pipermail/wp-hackers/attachments/20050414/fd2f6cec/attachment.html

More information about the wp-hackers mailing list