Pete Johnstone

Config.php file has Mysql password in plain text, is this wise?

Discussion created by Pete Johnstone on Jan 4, 2017
Latest reply on Feb 24, 2017 by sugar.dennis

Title basically says it all, the default config.php file created when installing Sugar has the MySQL db user's password stored in it in plain text?  Is there any good way to encrypt this so it isn't just sitting there easily readable?  Or is it just a matter of if somebody has access to the file already then you're already in a heap of trouble as they're already in your system?  

 

Just wondering what/if best practices for this might be?  

Outcomes