Password to live database stored within codebase in plain text

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
5 years ago
Hi,

We're considering NopCommerce for our eCommerce platform. It appears that the login and password to the live database are visible in the .json file for developers to see. This is a potential security concern for us. Are there any best practices or recommendations for encrypting this?

Thank you!
5 years ago
I believe the best solution is to move the database account info outside the web root and then create a reference to it. You can find a perfect example in the XOOPS.org CMS script for clarity. Most other scripts have a similar practice of storing the config files with db and config info in the web root.
5 years ago
I get the concern, but if you have a CI/CD process with TFS or Jenkins, you would tokenize it anyway and let the release/deploy task plug in the value stored elsewhere.
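The tokenizing approach from the reply above, sketched as an added example (not part of the original thread and not nopCommerce or TFS/Jenkins code): the committed settings file holds only placeholders, a pre-commit check flags literal passwords, and the deploy step fills in values and refuses to ship unresolved tokens. The `__NAME__` token syntax, the `ConnectionString` key, the function names and all sample values are assumptions.

```python
import json
import re

TOKEN = re.compile(r"__([A-Z][A-Z0-9_]*)__")  # assumed placeholder syntax
PASSWORD_FIELD = re.compile(r'(?i)\b(?:password|pwd)\s*=\s*([^;"]*)')

# Constructed sample of a settings file as it would sit in the repository.
TEMPLATE = """{
  "ConnectionString": "Data Source=__DB_HOST__;User ID=__DB_USER__;Password=__DB_PASSWORD__"
}"""

class MissingSecret(Exception):
    pass

def literal_passwords(text):
    """Pre-commit check: 1-based line numbers where a password field
    holds anything other than a placeholder token."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for match in PASSWORD_FIELD.finditer(line):
            if not TOKEN.fullmatch(match.group(1).strip()):
                hits.append(number)
    return hits

def render(template_text, secrets):
    """Deploy step: substitute every token, fail closed on missing values."""
    wanted = {m.group(1) for m in TOKEN.finditer(template_text)}
    missing = sorted(wanted - set(secrets))
    if missing:
        raise MissingSecret("no value supplied for: " + ", ".join(missing))
    # JSON-escape each value so a quote or backslash in a password cannot
    # break the document or inject extra keys.
    rendered = TOKEN.sub(
        lambda m: json.dumps(secrets[m.group(1)])[1:-1], template_text)
    json.loads(rendered)  # raises ValueError if the result is not valid JSON
    return rendered

if __name__ == "__main__":
    # Constructed values; a release task would pass variables it pulled
    # from the pipeline's secret store (for example dict(os.environ)).
    demo = {"DB_HOST": "db.internal", "DB_USER": "shop_app",
            "DB_PASSWORD": 'p"w\\d'}
    print("literal passwords in repo copy:", literal_passwords(TEMPLATE))
    print("rendered config parses:", bool(json.loads(render(TEMPLATE, demo))))
```

The rendered file should be written outside the web root with permissions limited to the application's service account, so the secret exists only on the deployed host.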
5 years ago
Thanks!