View Issue Details

IDProjectCategoryView StatusLast Update
0005208mantisbtsecuritypublic2008-08-12 09:37
Reporternlangenberg Assigned Tograngeway  
Status closedResolutionnot fixable 
Product Version0.19.2 
Summary0005208: Encrypt plain smtp_password and db_password configuration fields in configuration?

Is it possible to encrypt or something like hide the username/passwords to enter the database and smtp access?

I don't like it at all that these plain passwords are visible in the configuration file.

Any ideas to solve this? Or workaround maybe?

TagsNo tags attached.




2008-08-01 08:25

reporter   ~0018982

Whilst this would be nice, i'm not sure it's possible - mantis would need to be able to decrypt the password to use it to log in - at that point, anyone who's able to read config_inc.php would likely have access to the system/box and would be able run the php routine to decrypt the password.

Issue History

Date Modified Username Field Change
2005-02-03 11:09 nlangenberg New Issue
2008-08-01 08:25 grangeway Note Added: 0018982
2008-08-01 08:25 grangeway Status @0@ => resolved
2008-08-01 08:25 grangeway Resolution @0@ => not fixable
2008-08-01 08:25 grangeway Assigned To => grangeway
2008-08-12 09:37 grangeway Status resolved => closed