Encryption of MySQL-PW in sql.cfg

knocker · **Author**

hi,

title says nearly everything. is there any way to store an encrypted pw for my sql-db? since my db is on another server i dont want a plain pw in sql.cfg on a shared server if i cant be sure that another customer isnt able to read my pw to get full access to the db of my forum etc.

well any way to hide the pw would be useful ;)

SubStream · 05-15-2006 , 20:20

Janet Jackson where are you when they have questions like this?

c0rdawg · 05-15-2006 , 21:07

i'm not sure if its possible to do that, but you can make another username and password that can only affect your server's mysql tables, and you could make it so it can't use drop or anything to delete any data.

knocker · 05-16-2006 , 07:08

hmmm i wanna use the forum mod where you have to give amx access to the table (write/read). but then it will have the pw from the db of the forum too and its stored in plain text

Janet Jackson · 05-16-2006 , 12:20

If you make your database only accessable by your foums (probably localhost) and your gameserver ip you'll be pretty safe.

If you're having doubst about your gamehost and the way they protect your serverfiles, it's time to move on to a better host.

If other clients could access your gameserverfiles you would've known already. You rcon password and hostname would have been changed and you would be banned.

However, it is possible. You can hardcode the forummod cvars that it requires and then compile it. This way the plugin will try to retrieve the cvars and when it can't (because you haven't set them in a .cfg) it will use the default ones that you hardcoded in the sourcefile.

But you'll have to edit and recompile the plugin everytime your forum changes ip's.

Quote:

Originally Posted by SubStream

Janet Jackson where are you when they have questions like this?

Hey, you're the coder here ;)

knocker · 05-16-2006 , 12:55

Quote:

Originally Posted by Janet Jackson

However, it is possible. You can hardcode the forummod cvars that it requires and then compile it. This way the plugin will try to retrieve the cvars and when it can't (because you haven't set them in a .cfg) it will use the default ones that you hardcoded in the sourcefile.

But you'll have to edit and recompile the plugin everytime your forum changes ip's.

oh, didnt thought about this method yet ... thanks! but how can i disable the cvars are shown with "amxx cvars" in console?

Janet Jackson · 05-16-2006 , 13:04

I'm not sure if that's possible (isn't this command contained by the AMXX module itself ?). But you could disable rcon access for your admins.

knocker · 05-16-2006 , 13:42

that wouldnt stop them from using the rcon-pw ...

eg if you use hlsw you get the plain text pw from the console

Janet Jackson · 05-16-2006 , 14:14

Only when you give them the rcon password. That's all up to you.

Off topic : I trust my admins enough to give them the rcon password. If I couldn't trust them they wouldn't be admins at all.

knocker · 05-16-2006 , 14:18

well i trust them (cuz we share a server

) and so they have the rcon pw. but because its my forum they dont need the db pw and thats why i want to hide it if possible. theres nothing important at the db anyway but i think its safer and is less work than having to restore the forum (if some idiot gets the rcon-pw too) etc.