[DarkDeviL]

Quote:

Originally Posted by fragnichtnach Okay, thanks for explaining that there is absolutely no security. I understand this.

Obviously, you don't understand:

As you were previously told, all what you say is a "FALSE" sense of security. Also the thing referred to as "security by obscurity".

If your server should be able to use databases.cfg, it will also need to be able to decipher it. If your server can automatically decipher the data, EVERYONE with access to your server can then decipher your data by grabbing the features of your requested plugin.

Are you also locking your door, but leaving your keys on your doorstep? Your requested "plugin" here would be no different than doing that!

[ddhoward]

Quote:

Originally Posted by fragnichtnach I could try to read the code out of sourcemod. Anybody know what plugin is reading the database.cfg? Not sure if that will tell me the answer... but maybe.

There is no such plugin.

https://github.com/alliedmodders/sou...c/Database.cpp

[balonfx]

For secondary techs, jail your users in certain directories or omit others from your FTP software.

For example, for our community we jail our staff in directories they cannot exit, and either access resources out of their scope, or hide certain files/paths/etc.


You will need software or heavy configuration to make this possible, however.

[ddhoward]

Quote:

Originally Posted by balonfx For secondary techs, jail your users in certain directories or omit others from your FTP software. For example, for our community we jail our staff in directories they cannot exit, and either access resources out of their scope, or hide certain files/paths/etc. You will need software or heavy configuration to make this possible, however.

The OP is the user to be jailed. He's concerned about server hosting companies (or malicious actors who have penetrated the hosts' security measures) peeking through his files and retrieving any database passwords that are present in config files. You can "jail" files behind all the doors and locks that you want, but that's all useless if the landlord automagically has a master key to everything.


The overarching issue here is one that I have yet to find a decent solution to. I remember that back when I ran the website for my high school, my configuration files for MediaWiki and Moodle contained database passwords in cleartext. This is unavoidable unless, as asherkin pointed out, you're willing to manually enter passwords or decryption keys on every single boot.