Password to live database stored within codebase in plain text

1 year ago
Hi,

We're considering NopCommerce for our eCommerce platform. It appears that the login and password to the live database are visible in the .json file for developers to see. This is a potential security concern for us. Are there any best practices or recommendations for encrypting this?

Thank you!
1 year ago
I believe the best solution is to move the database account info outside the web root and then create a reference to it. You can find a perfect example in the XOOPS.org CMS script for clarity. Most other scripts have a similar practice of storing the config files with db and config info in the web root.
1 year ago
I get the concern, but if you have a CI/CD process with TFS or Jenkins, you would tokenize it anyway and let the release/deploy task plug in the value stored elsewhere.
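The tokenize-and-inject approach from the reply above, sketched as an added example (not code from the thread or from nopCommerce): the committed .json template holds only tokens, and a deploy step fills them from values the pipeline supplies, refusing to write a file with unresolved tokens. The `#{NAME}#` token syntax, the `ConnectionString` key, the server name and the credential values are assumptions constructed for illustration.

```python
import json
import os
import re
import tempfile

TOKEN = re.compile(r"#\{([A-Z0-9_]+)\}#")  # assumed token syntax, e.g. #{DB_PASSWORD}#

# Constructed template: this is the file that gets committed; it holds no secret.
TEMPLATE = '''{
  "ConnectionString": "Server=db01;Database=shop;User Id=#{DB_USER}#;Password=#{DB_PASSWORD}#"
}'''


def render(template, secrets):
    """Substitute every token; refuse to produce output if any value is missing."""
    missing = sorted({n for n in TOKEN.findall(template) if not secrets.get(n)})
    if missing:
        raise ValueError("unresolved tokens: " + ", ".join(missing))
    # json.dumps(...)[1:-1] escapes quotes/backslashes so the value stays inside its JSON string.
    rendered = TOKEN.sub(lambda m: json.dumps(secrets[m.group(1)])[1:-1], template)
    json.loads(rendered)  # the result must still parse as JSON
    return rendered


def write_config(path, content):
    """Write the rendered file readable and writable by its owner only (POSIX 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(content)
    os.chmod(path, 0o600)  # also tightens a file that already existed


def deploy(template, path, environ=os.environ):
    """Render the template from the pipeline-supplied values and return the parsed result."""
    write_config(path, render(template, environ))
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Constructed values; a real pipeline injects these from its secret store.
    fake_env = {"DB_USER": "shop_app", "DB_PASSWORD": 'p"ss\\word'}
    out = os.path.join(tempfile.mkdtemp(), "settings.json")
    print("wrote", out, "with keys", sorted(deploy(TEMPLATE, out, fake_env)))
```

With this split, developers with repository access see only the tokens; the rendered file exists only on the deployed host.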
1 year ago
Thanks!