View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Support us on Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - Vulnerability in Paramters - ProjeQtOr
 
 

Vulnerability in Paramters

More
18 Jul 2023 18:26 #1 by GG42
Vulnerability in Paramters was created by GG42
Hi everyone, 
I'm surprised to see in my parameters.php config file in files\config , database password is clear.
Any way to secure it ?

extract : 
[...]$paramDbPort='3306';
$paramDbUser='xpozl_projeq';
$paramDbPassword='passwordisclear';
$paramDbName='xpozl_projeq';
[...]

BR
Gerald
 

Please Log in or Create an account to join the conversation.

More
19 Jul 2023 09:08 #2 by Plucks
Replied by Plucks on topic Vulnerability in Paramters
Hello,
Maybe that's why during installation there's a hint to set up a directory outside of web reach for this file ;)
 
Attachments:
The following user(s) said Thank You: GG42

Please Log in or Create an account to join the conversation.

More
19 Jul 2023 09:47 #3 by GG42
Replied by GG42 on topic Vulnerability in Paramters
Thanks, indeed have an outside directory may mitigate(only) this point. 
I am using the latest version (guess 14.2)
BTW, I setup an external directory on the server, I put in fields where logs and file are supposed to be, my configuration have been rejected by the system. 
external directioy is 10+ char long. Do you know if  any limit in size path exist?
cheers

Please Log in or Create an account to join the conversation.

More
19 Jul 2023 10:23 #4 by babynus
Replied by babynus on topic Vulnerability in Paramters

Do you know if  any limit in size path exist?

No, as far as I can remember, there is not limit, only system limits (255 chars on windows).
Babynus
Administrator of ProjeQtOr web site

Please Log in or Create an account to join the conversation.

More
19 Jul 2023 10:30 #5 by Plucks
Replied by Plucks on topic Vulnerability in Paramters
Also, did you check if you granted all the rights (read, update, delete...) on those directories ?
If you are on Windows, you may need to specify a full path access starting with a drive letter, and there may also be a confusion between \ and / in the path.

Please Log in or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.045 seconds

Cookies settings

×

Functional Cookies

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Please login to see yours activities!

Other cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

Login Form