0005208: Encrypt plain smtp_password and db_password configuration fields in configuration? - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0005208	mantisbt	security	public	2005-02-03 11:09	2023-05-23 02:55

Reporter	nlangenberg	Assigned To	grangeway
Priority	normal	Severity	feature	Reproducibility	always
Status	closed	Resolution	not fixable
Product Version	0.19.2

Summary	0005208: Encrypt plain smtp_password and db_password configuration fields in configuration?
Description	Is it possible to encrypt or something like hide the username/passwords to enter the database and smtp access? I don't like it at all that these plain passwords are visible in the configuration file. Any ideas to solve this? Or workaround maybe?
Tags	No tags attached.

grangeway 2008-08-01 08:25 reporter ~0018982	Whilst this would be nice, i'm not sure it's possible - mantis would need to be able to decrypt the password to use it to log in - at that point, anyone who's able to read config_inc.php would likely have access to the system/box and would be able run the php routine to decrypt the password.