[dokuwiki] Re: sql plugin with hidden configuration
- From: "mc.prins" <mc.prins@xxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Tue, 11 Nov 2008 20:59:48 +0100
On Tuesday 11 November 2008 18:14:12 Claudio wrote:
> Hi all,
> at the moment I successfully use dokuwiki on many websites and I think
> this is a great project.
> Now I need to interface with a mysql database and the only available
> solution is to use an sql plugin; unfortunately plugins like
> http://www.dokuwiki.org/plugin:sql have a well-known security problem:
> * plugin shows the username:pass@host worldwide hacking a bit :(
So what about the risk of still having your db open to any kind of sql
statement? This username/password showing up really isn't such a big deal.
Sql injection is much more.
> I decided to modify the sql plugin, adding hidden configuration for all
> data; now my modified version allows you to use both syntaxes above:
> <sql db="urn">QUERY</sql>
> <sql>QUERY</sql>
>
> If the former syntax is used the plugin tries to fetch data from $conf
> variables.
>
> Can I post this modified plugin on http://www.dokuwiki.org/plugin:sql
> or should I post it as a new plugin?
>
>
> --
> Claudio
> User linux #415284
> http://www.crisos.org/ - Cris linux distribution
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
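
The reply's concern is that hiding the credentials does not limit which statements a page author can run. The following is an added example, not code from the thread or from the plugin, showing a least-privilege MySQL account for the wiki next to the weak setup it replaces; it uses MySQL 8 syntax, and the database, table, view and account names are hypothetical.

```sql
-- Added example: all object and account names below are hypothetical.

-- Weak setup (shown commented out): the account the wiki connects with
-- may run any statement that ends up inside an <sql> tag.
-- CREATE USER 'wiki'@'localhost' IDENTIFIED BY 'REPLACE_ME';
-- GRANT ALL PRIVILEGES ON *.* TO 'wiki'@'localhost';

-- Restricted setup, step 1: expose only the columns wiki pages need.
-- The view runs with its definer's rights (the MySQL default), so the
-- wiki account needs no privilege on the underlying table.
CREATE VIEW appdb.wiki_orders AS
    SELECT order_id, status, created_at
    FROM appdb.orders;

-- Step 2: a dedicated account, local connections only, with resource
-- limits so a heavy query on a wiki page cannot starve the database.
CREATE USER 'wiki_ro'@'localhost' IDENTIFIED BY 'REPLACE_ME'
    WITH MAX_QUERIES_PER_HOUR 500 MAX_USER_CONNECTIONS 5;

-- Step 3: SELECT on the view and nothing else. Without further grants
-- the account cannot INSERT, UPDATE, DELETE, DROP or read other tables.
GRANT SELECT ON appdb.wiki_orders TO 'wiki_ro'@'localhost';

-- Check: review exactly what the account is allowed to do.
SHOW GRANTS FOR 'wiki_ro'@'localhost';
```

With an account like this stored in the hidden configuration, a statement typed into a wiki page is limited by the database itself rather than by the plugin.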