Password to live database stored within codebase in plain text

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
5 years ago
Hi,

We're considering NopCommerce for our eCommerce platform. It appears that the login and password to the live database are visible in the .json file for developers to see. This is a potential security concern for us. Are there any best practices or recommendations for encrypting this?

Thank you!
5 years ago
I believe the best solution is to move the database account info outside the web root and then create a reference to it. You can find a perfect example in the XOOPS.org CMS script for clarity. Most other scripts have a similar practice of storing the config files with db and config info in the web root.
5 years ago
I get the concern, but if you have a CI/CD process with TFS or Jenkins, you would tokenize it anyway and let the release/deploy task plug in the value stored elsewhere.
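
One way to do the tokenizing described in the reply above, as an added example that is not part of the original thread or of nopCommerce's own code: the committed settings file holds only placeholders, a repository check rejects literal passwords, and the release step fills the values in. The `#{NAME}#` placeholder syntax, the `ConnectionString` key name, the function names and the sample values are assumptions made for this sketch.

```python
import json
import re

# Placeholder syntax "#{NAME}#" is an assumption for this example.
TOKEN = re.compile(r"#\{([A-Z0-9_]+)\}#")
# Matches the "Password=..." / "Pwd=..." segment of a connection string.
PASSWORD_FIELD = re.compile(r'(?i)\b(?:password|pwd)\s*=\s*([^;"\n]*)')

# Constructed template, as it would be committed to source control.
# The key name is illustrative, not nopCommerce's actual schema.
TEMPLATE = """{
  "ConnectionString": "Server=#{DB_HOST}#;Database=shop;User Id=#{DB_USER}#;Password=#{DB_PASSWORD}#"
}"""


def literal_passwords(text):
    """Return password values in `text` that are not placeholders."""
    found = []
    for value in PASSWORD_FIELD.findall(text):
        value = value.strip()
        if value and not TOKEN.fullmatch(value):
            found.append(value)
    return found


def render(template, secrets):
    """Fill every token from `secrets`; refuse to emit a half-filled file."""
    missing = sorted({n for n in TOKEN.findall(template) if n not in secrets})
    if missing:
        raise KeyError("unresolved tokens: " + ", ".join(missing))

    def substitute(match):
        # JSON-escape the value so quotes or backslashes cannot break the file.
        return json.dumps(secrets[match.group(1)])[1:-1]

    rendered = TOKEN.sub(substitute, template)
    json.loads(rendered)  # fail the deploy step if the result is not valid JSON
    return rendered


if __name__ == "__main__":
    # Repository gate: the committed template must hold no real password.
    assert literal_passwords(TEMPLATE) == []
    # Release step: in a pipeline these values come from its secret store.
    demo = {"DB_HOST": "db.internal.example", "DB_USER": "shop_app",
            "DB_PASSWORD": 'constructed"value'}  # constructed sample values
    settings = json.loads(render(TEMPLATE, demo))
    print("rendered keys:", sorted(settings))
```

The rendered file should be written only on the target host, outside the web root and readable only by the application's service account.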
5 years ago
Thanks!