Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Add plugin hook to set/modify database connection info #2870

Closed
anonymous-piwik-user opened this Issue · 5 comments

2 participants

Anonymous Piwik user Anthon Pang
Anonymous Piwik user

You can find the datebase password in the config.ini.php.

Can you pls let piwik encrypt this password?

Thanks =)

Anthon Pang
Collaborator

we don't encrypt because MySQL requires a plaintext password for the connection. The file is protected by .htaccess and .php extension, so it can't be displayed by direct access or local file inclusion.

To decrypt on every php request would add some performance overhead. Also, the question then becomes where to securely store the decryption key?

We could also try allowing the connection info to be set via environment variables (eg in your virtualhost.config), but the password is still physically stored somewhere.

Anthon Pang
Collaborator

Attachment: patch to use environment variables
2870.patch

Anthon Pang
Collaborator

(In [5681]) refs #2870 - add a hook for plugins (or third party integration) to set database config before connection is made

Anthon Pang
Collaborator

see #2874

Anthon Pang
Collaborator

(In [5686]) refs #2870

Anonymous Piwik user anonymous-piwik-user added this to the 1.7 Piwik 1.7 milestone
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.