User Contributed Notes
Database |
|
wojtek@voyteck.pl
24-Nov-2003 6:50 |
#27
|
| If your MySQL accepts socket connections through the non-default socket (in /tmp/...) type into $g_port your socket path - will also work. |
|
amaso@gadgetbear.com
04-Dec-2003 16:16 |
#32
|
Is there any risk in entering my SQL database password in the configuration file? Can someone who knows something about PHP read the file and do (bad?) stuff with my datgabase?
---
[Editor] Following are the cases (that I can think of) where you password may be exposed:
- PHP Server gets uninstalled from the Web Server (or was not installed in the first place).
- Other users have access to the Mantis directory through FTP
- Other users have access to the Mantis directory through shell access.
- Other users have access to the Mantis directory through LAN. |
|
Maarten
13-Dec-2003 6:25 |
#35
|
In a normal situation, people cannot see the sourcecode of your PHP-pages, because it is parsed by your server before the page is returned to a browser.
Only if your PHP-parser has problems and gets disabled, people who know the URL of your config_inc.php file can see the contents.
To the developers: Why don't you create an option so that users can specify the path to config_inc.php? I'd like mine above the HTDOCS root... Pretty save I guess.
---
[Editor] This will require another config_inc to point to the config_inc! This complicates things without a practical benefit. |
|
mantis-doc.to.skeeve@spamgourmet..com
23-Jan-2004 0:29 |
#58
|
So why not configure in config.inc the location of the password file?
You can keep that out of HTDDOCS then. |
|
abosa73@hotmail.com
05-Oct-2004 5:04 |
#223
|
| How can I change the Mantis title to another title? |
|
nomail@spam.com
30-Nov-2004 9:27 |
#276
|
Wouldn't it be possible to store an encrypted value as the password, just like they are stored in MySQL as well?
I really don't like the idea of storing a password in plain-text in a human-readable file. |
|
ceo AT l-i-e DOT com
17-Dec-2004 16:44 |
#291
|
You can move your config.inc.php (or whatever) files outside the web tree, and simply change PHP's include_path setting for that directory.
include_path can be changed in:
php.ini
httpd.conf
.htaccess (if .htaccess itself is allowed in httpd.conf)
PHP source using set_include_path or set_ini functions.
There is no need for the Mantis developers to do this for you.
There *IS* considerable benefit to doing this for yourself, so that Bad People don't surf *directly* to _inc.php files, which will be executed completely out of context and with possibly disastrous effect that Mantis developers never even considered.
PS No, you can't store the encoded password -- That would negate the entire purpose of encoding it in the first place! If your MySQL data is access by the Bad Guy, you *really* don't want your passwords in there in plaintext (IE, the password you type is the one stored in the DB) |
|
ceo AT l-i-e DOT com
17-Dec-2004 16:47 |
#292
|
PPS Another potential way for users to read your password:
Use PHP itself to read the php script/file.
By definition the PHP user *has* to read the file to get the password.
So, by definition, PHP *can* read the file if one writes a script to do so.
You can maybe make this more difficult using PHP as CGI (losing many many many Module benefits) or using Apache 2.x and running PHP as a specific user (not available with Module in Apache 1.x) |
|
jn@it.swin.edu.au
08-Aug-2005 0:38 |
#559
|
| Passwords in PHP scripts is a problem if you have other users on your web server. See http://uranus.it.swin.edu.au/~jn/linux/php/passwords.htm for a discussion and real solution. |
|
cww5@mail.ncku.edu.tw
28-Sep-2005 23:02 |
#624
|
There are some questions when setting
$g_default_language = 'chinese_traditional_utf8';
I thins the same result may appear at another $g_default_language that
use utf8.
When we keyin the words other then english, and save to database, may
appear error,that's because database charset not match.
I resolved the question, by add another global setting in config_inc.php
namd $g_db_ini_setting (and set to = 'set names utf8;'; for example) and then
modify the core\database_api.php
function db_connect( $p_dsn, $p_hostname = null, $p_username = null,
$p_password = null, $p_database_name = null ) {
global $g_db_connected, $g_db;
if( $p_dsn === false ) {
$g_db = ADONewConnection( config_get_global( 'db_type' ) );
$t_result = $g_db->Connect($p_hostname, $p_username,
$p_password, $p_database_name );
} else {
$g_db = ADONewConnection( $p_dsn );
$t_result = $g_db->IsConnected();
}
if ( !$t_result ) {
db_error();
trigger_error( ERROR_DB_CONNECT_FAILED, ERROR );
return false;
}
#---- add code begin ------------
$ginistr = config_get_global( 'g_db_ini_setting' );
if ($ginistr != '' ) {
$ret = db_query( $ginistr, -1, -1);
}
#----add code end ---------------
$g_db_connected = true;
return true;
}
so when establish database connection, we may execute 'set names utf8'
first for mysql server.
so we may change the $g_db_ini_setting for
matching your environment or only '' for do nothing.
eg.
$g_default_language = 'chinese_traditional_utf8';
....
#$g_db_ini_setting = '';
$g_db_ini_setting = 'set names utf8';
#$g_db_ini_setting = 'set names big5';
|
|
liugh698@gmail.com
22-Dec-2005 4:17 |
#779
|
| Can Mantis support for microsoft SQL Server? |
|
pol20um@volny.cz
03-Jan-2006 5:02 |
#801
|
| I have mysql.sock in another path then /tmp. The g_port is not change the default path to my mysql.sock path. Can you help me ? Thanks |
|
sawsedge@yahoo.NOSPAM.com
06-Mar-2006 11:57 |
#912
|
I am trying to set up Mantis 1.0.1 on Win XP. I get the following error upon entering the database info on the initial web page.
Checking PHP support for database type BAD
database is not supported by PHP. Check that it has been compiled into your server.
Everything else says good.
I have XP, IIS 5.1, MySQL 4.1, PHP 5.1.2.
Anyone have any ideas? I assume I'm missing some other setup detail. The manual, from what I've read so far, says nothing about setting up the DB manually. |
|
sawsedge@yahoo.NOSPAM.com
07-Mar-2006 13:56 |
#914
|
I figured it out... windows installer of PHP does not include the extensions, so the connectivity to MySQL was not available.
I used the zip file version of PHP which included the extensions and was able to get past the error I mentioned above. Other other item was to edit php.ini to enable the mysql connectivity and set the extensions path. |
|
bala2905@yahoo.fr
03-Apr-2006 21:33 |
#974
|
I'am trying to set up mantis with Oracle 10g. The ADODB connection with oracle 10g is successfull but all queries doesn't work successfully...
Now, i'm trying to custom the database_api.php for this work. Someone have tips for me ? or someone can send to me the database_api.php file working successfully with Oracle (8i or 10g)
Thanks for answer ans thanks to mantis team  |
|
mige_id at yahoo dot co dot id
04-Apr-2006 23:23 |
#976
|
++++++++++++++++++++++++++++++++++++++++++++++++
sawsedge@yahoo.NOSPAM.com
06-Mar-2006 11:57 #912
I am trying to set up Mantis 1.0.1 on Win XP. I get the following error upon entering the database info on the initial web page.
Checking PHP support for database type BAD
database is not supported by PHP. Check that it has been compiled into your server.
Everything else says good.
I have XP, IIS 5.1, MySQL 4.1, PHP 5.1.2.
Anyone have any ideas? I assume I'm missing some other setup detail. The manual, from what I've read so far, says nothing about setting up the DB manually.
+++++++++++++++++++++++++++++++++++++++++++++++++++
Hi,
I was in the same case as you, but with Apache.
I solve it due to the PHP cannot load MySQL module extention if the PHP installed as module for Apache.
So, I setup the PHP as CGI for Apache. See the "Install.txt" in PHP folder.
In the php.ini file you need to change : extension_dir = "./" to something like extension_dir = "c:/php/ext" where the php_mysql.dll reside. Or you can copy the php_mysql.dll into c:\php with original extension_dir.
And of course, uncomment the extension=php_mysql.dll
I dunno if the PHP can run as CGI for IIS . |
|
pilolli@itc.it
27-Apr-2006 5:48 |
#1025
|
Hi,
If you have not mysql socket file in the defaul path /var/lib/mysql/mysql.sock
and mantis write this error line:
Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock'
You can fix this adding a similar line into core.php:
-------------------------------------------------------
ini_set("mysql.default_socket","/YourPath/mysql.sock";
------------------------------------------------------- |
|
yurii.kovalishin
04-May-2006 1:53 |
#1049
|
Hi, I have the same issue sawsedge@yahoo.NOSPAM.com (POST #912) has.
I have next system config:
- WinXP
- Apache (uses mod_php)
- MySQL
- PHP5
Next error appears on Mantis setup:
Checking PHP support for database type | BAD
database is not supported by PHP. Check that it has been compiled into your server.
I set path to phpmysql.dll and to extensions, but that gave not any result as it gave for sawsedge@yahoo.NOSPAM.com (POST #914).
Have you any idea What have I done wrong? |
|
mrprayut@hotmail.com
19-May-2006 22:14 |
#1082
|
Help me please i problem Connect SQL
" APPLICATION ERROR #401
Database query failed. Error received from database was #1146: Table 'bugtracker.mantis_user_table' doesn't exist for the query: SELECT
FROM mantis_user_table
WHERE username='administrator' "
|
|
lorenass@gmail.com
20-Nov-2006 14:03 |
#1298
|
Hi all,
I´m trying to set up Mantis 1.1.0a1 on Win XP. I get the following error info on the initial web page.
Checking PHP support for database type
BAD
database is not supported by PHP. Check that it has been compiled into your server.
Just this error.
I´m using Windows XP, Apache 2.2.3, MySQL 5.0.27, PHP 5.2.0.
I need help... What I´m doing wrong? I saw many people with the same problem that mine, and I did some tings like put php.ini file in path C:\WINDOWS. But, I don´t have sucess. |
|
trashcan6@gmx.de
08-Dec-2006 13:10 |
#1317
|
| You have to extend your PATH environment variable with c:\program files\php\ext or wherever your php with mysql module is installed. Reboot your computer after this to aplly the new PATH. |
|
|
|
| Last updated: Fri, 16 May 2008 - 13:08:39 |
|
