Databases
StackOverflow2013
Postsdbo
POHow to secure DataBase settings from other users that have shell access to the server
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POHow to secure DataBase settings from other users that have shell access to the server
    text
    copied!<p>I installed mediawiki on a webserver to some folder</p> <pre><code>drwxr-xr-x /server/web/mediawiki </code></pre> <p>This directory contains a file LocalSettings.php. Initially this file contained DataBase settings (user/password) as plain text. </p> <p>Following the guide</p> <pre><code>https://www.mediawiki.org/wiki/Manual:Securing_database_passwords </code></pre> <p><em><strong>1</em></strong> I tried to read protect LocalSettings.php with chmod</p> <pre><code>-rwx------ LocalSettings.php </code></pre> <p>and got an error when tried to reload mediawiki page in web-browser</p> <pre><code>failed to open stream: Permission denied in .../includes/WebStart.php </code></pre> <p>So I had to give reading access to LocalSettings.php to proceed</p> <pre><code> -rwx---r-- LocalSettings.php </code></pre> <p>So, easy way didn't work for me for some reason.</p> <p><strong>Question 1</strong>: if you know why easy way didn't work, please, explain me.</p> <p><em><strong>2</em></strong> Than I followed the other way described in the guide. I cut all the DataBase settings (user/password) from the LocalSettings.php to an external file (DBpsw.php) that I placed outside of the web accessible folder:</p> <pre><code> drwxr-xr-x /home/mediawikiDBpsw/ -rw-r--r-- /home/mediawikiDBpsw/DBpsw.php </code></pre> <p>and included <strong>/home/mediawikiDBpsw/DBpsw.php</strong> to the <strong>/server/web/mediawiki/LocalSettings.php</strong></p> <p>But as you can see, the folders <strong>/server/web/mediawiki</strong>, <strong>/home/mediawikiDBpsw/</strong> and the files <strong>/home/mediawikiDBpsw/DBpsw.php</strong> , <strong>/server/web/mediawiki/LocalSettings.php</strong> are accessible to others (readable). Thus anyone "other" who has access to the server can ssh to the folder <strong>/server/web/mediawiki</strong> read the file <strong>LocalSettings.php</strong>, learn the path <strong>/home/mediawikiDBpsw/DBpsw.php</strong> from there and read the DataBase settings (user/password) from <strong>/home/mediawikiDBpsw/DBpsw.php</strong>.</p> <p><strong>Question 2</strong>: How can I protect DataBase settings (user/password) from the "other" users that have access to the server?</p> <p>Thank you in advance!</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload