[wp-hackers] Security Vulnerability found - Forum Post
Robert Deaton
false.hopes at gmail.com
Thu Apr 14 19:26:27 GMT 2005
PHP has this nice feature for variables called unset. unset('varname') and
you don't have to worry about the rest of the script being able to access
it. Call unset on the variables right after the database connection is
established and then it guarantees that you can't access them elsewhere
(minus inside the wpdb class if they're stored there, and if so, it could be
made not to store them there and not lose any functionality).
On 4/14/05, Amit Gupta <amit at igeek.info> wrote:
>
> well, loading the wp-config file will re-create the variable, no? ;)
> but it can be made like if connection exists, then the wp-config file is
> not loaded else load it. still then, the db user/password is still hard-coded
> into the wp-config. ;)
>
> -----
> Amit Gupta
>
> ---------- Original Message from "Robert Deaton" <false.hopes at gmail.com>
> ----------
> I've always wondered why the info is stored in constants and not a
> variable that is unset
> immediately after the database connection. Any particular reason?
--
--Robert Deaton
http://somethingunpredictable.com
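
The two positions in this thread, side by side, as an added example that is not part of either message and is not WordPress code: credentials loaded inside a function and unset after connecting, versus what later code in the same request can still reach. The temp file, the credential values, `DB_PASSWORD_CONST` and both function names are constructed for illustration.

```php
<?php
// Constructed stand-in for wp-config: a temp file that sets two variables.
$config = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($config, '<?php $db_user = "wp"; $db_password = "s3cret-constructed";');

// The constant-based approach the thread asks about (hypothetical constant name).
define('DB_PASSWORD_CONST', 's3cret-constructed');

function connect_and_forget(string $config): string {
    include $config;                     // variables land in this function's scope only
    $handle = "connected-as-$db_user";   // stand-in for the real database connect call
    unset($db_user, $db_password);       // drop the credentials right after connecting
    return $handle;
}

// What code running later in the same request (a plugin, a theme) can still reach.
function later_code_sees(string $config): array {
    $seen = [];
    $seen['unset_variable'] = isset($GLOBALS['db_password']);   // gone after unset()
    $seen['constant']       = defined('DB_PASSWORD_CONST');     // constants cannot be undefined
    include $config;                                            // Amit's point: reload the file
    $seen['after_reinclude'] = isset($db_password);             // variable is re-created
    $seen['file_on_disk']    = strpos(file_get_contents($config), 's3cret') !== false;
    return $seen;
}

$handle = connect_and_forget($config);
var_dump(later_code_sees($config));
unlink($config);
```

Only the `unset_variable` check comes back false: `unset()` removes the in-memory copy, while the constant, a second include of the file, and the file contents themselves all still expose the password, so file permissions and a least-privilege database account remain the controls that matter.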