Originally Posted by
RodG
I wasn't intererested in Wikipedia's definintion. I was interested in what *you* consider to be a 'hack'. This means many different thing to different people.
Two reasons spring to mind.
1. Security by obscurity
2. There are ready made scripts that the 'script kiddies' (often mis-labled as 'hackers') can execute to gain access to vulnerable versions of zencart that rely/depend on certain files located in the /admin/ folder. The simple act of renaming this folder prevents these 'hacks' from working.
I don't know... exactly how easy is 'that easy'? This question makes no sense.
By design, this file is unreadable via HTTP access to anyone other than a logged in administrator.
Err, no it doesn't. The username/password stored in that file gives them the login details to the *database* only.
Needless to say, this isn't something you want to give other people, which is why the file itself is protected from being accessable to anyone.
You are mistaken. This username/password in configure.php has never been encrypted, and it never will be, for reasons that will take you several lessons to understand. No offense intended. You'd need to familiarise yourself with the workings of an SQL server for this, and that is something that most zenners will never need to concern themselves with.
Unless I'm completely misunderstanding you, there is nothing to be fixed.
Cheers
Rod
Bookmarks