Password to live database stored within codebase in plain text

Posted: August 01, 2018 at 1:43 PM Quote #209714
Hi,

We're considering nopCommerce for our eCommerce platform. It appears that the login and password to the live database are visible in the .json file for developers to see. This is a potential security concern for us. Are there any best practices or recommendations for encrypting this?

Thank you!
Posted: August 18, 2018 at 10:10 AM Quote #210744
I believe the best solution is to move the database account info outside the web root and then create a reference to it. You can find a perfect example in the XOOPS.org CMS script for clarity. Most other scripts have a similar practice of storing the config files with db and config info in the web root.
Posted: September 20, 2018 at 10:55 PM Quote #212212
I get the concern, but if you have a CI/CD process with TFS or Jenkins, you would tokenize it anyway and let the release/deploy task plug in the value stored elsewhere.
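The tokenized-deploy approach described in the post above, sketched as an added example (not part of the original thread and not nopCommerce's own code): the repository holds only a template with placeholders, and the release step fills them in from the pipeline's secret store. The `#{NAME}#` token syntax, the JSON key names and the variable names are assumptions made for illustration.

```python
import json
import os
import re

# Token syntax "#{NAME}#" is an assumption for this example.
TOKEN = re.compile(r"#\{([A-Z0-9_]+)\}#")

# Constructed template: this is the only version that is committed.
# Key names are illustrative, not taken from the thread.
TEMPLATE = """{
  "DataProvider": "sqlserver",
  "DataConnectionString": "Data Source=#{DB_HOST}#;Initial Catalog=shop;User ID=#{DB_USER}#;Password=#{DB_PASSWORD}#"
}"""


def render(template: str, secrets: dict) -> str:
    """Replace every token with its secret; fail closed if any is missing."""
    missing = sorted({m.group(1) for m in TOKEN.finditer(template)} - secrets.keys())
    if missing:
        # Report token names only, never secret values.
        raise KeyError("unresolved tokens: " + ", ".join(missing))

    def sub(match):
        # json.dumps escapes quotes and backslashes so a secret cannot break the JSON string.
        return json.dumps(secrets[match.group(1)])[1:-1]

    rendered = TOKEN.sub(sub, template)
    json.loads(rendered)  # refuse to ship a file the application cannot parse
    return rendered


def write_private(path: str, content: str) -> None:
    """Create the file as owner read/write only (0600) before writing the secret.
    On Windows these mode bits are not enforced; restrict the file with ACLs instead."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(content)


def deploy(path: str, env=os.environ) -> None:
    """Release step: values come from the pipeline's environment, not the repo."""
    names = {m.group(1) for m in TOKEN.finditer(TEMPLATE)}
    write_private(path, render(TEMPLATE, {n: env[n] for n in names if n in env}))
```

Failing the release on an unresolved token keeps a half-filled settings file from reaching the server, and the error message names the missing variables without echoing any values into the build log.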
Posted: September 21, 2018 at 9:28 AM Quote #212232
Thanks!