AdamH.us

Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.

WordPress, like all other web applications, must store database connection info in clear text. Encrypting credentials doesn’t matter because the keys have to be stored where the web server can read them in order to decrypt the data. If a malicious user has access to the file system — like they appeared to have in this case — it is trivial to obtain the keys and decrypt the information. When you leave the keys to the door in the lock, does it help to lock the door?

WordPress › Blog » Secure File Permissions Matter.

I saw this today and just had to laugh… I mean, how dumb can people be? Wait. No need to answer that. Einstein said it well enough — human stupidity is infinite. Why do we have Darwin awards?

Anyway,  I’m posting this up here just to clear up — TheScripters web hosting does not have this problem. It would seem to have been limited to Network Solutions. No need to worry. If you have a hosting account with us, all files are private.

© 2010, AdamH.us. All rights reserved. Please link back if you use it!