Finding database passwords in PHP code?
Hal Burgiss
hal at burgiss.net
Fri Jan 20 19:26:57 UTC 2012
No, its totally up to the developer. I've been where you are a number of
times. Here is what I do:
grep for the database server. Find out what the server name is, and do a
recursive grep for that. That should find the file(s) with the db login
stuff. Then you can look through that file.
$ grep -r $servername *
On Fri, Jan 20, 2012 at 12:57 PM, Patton Echols <p.echols at comcast.net>wrote:
> On Fri, Jan 20, 2012 at 11:34 AM, Patton Echols<p.echols at comcast.net>
>> wrote:
>>
>>> First question:
>>>
>>> If I download the PHP for the website, what would I search for in order
>>> to
>>> find the passwords?
>>> (would that work?)
>>>
>>
>> On 01/20/2012 09:39 AM, Jeffrey Gray wrote:
>
>> I have always seen the login info stored in a seperate file on the web
>> server but within the web domain's location on the server...In other
>> words, the passwords is not stored in the served php file but is
>> called from another file that SHOULD have permissions set to 600.
>>
>> -Jeff Gray
>>
>>
> Thanks, Rather than examine manually, is there particular PHP syntax for
> Passwords I can search for?
>
>
>
>
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/**
> mailman/listinfo/ubuntu-users<https://lists.ubuntu.com/mailman/listinfo/ubuntu-users>
>
--
Hal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20120120/59b7df7d/attachment.html>
More information about the ubuntu-users
mailing list