Encrypted Password


#1

We can see the password is stored in clear text under config.php
Any plan to store the password(s) in encrypted text?

Regards,
Judhi


#2

Thanks @judhip

That’s already built for version 5.

That said, as long as nobody has access to your server via SFTP or another connection, then the current version will not be an issue as that config.php file is never printed in the site’s HTML or a text file so it’s unreadable, accept for the site admin.


#3

Thank you @pulsecms , good to know about that.


#4

This password encryption (salting and hashing) was added in Pulse5 - including no longer placing the password in plain text in the config.php - it’s not stored there anymore.


closed #5