password smtp email server are visibles in configuration.php
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
-
- Joomla! Enthusiast
- Posts: 128
- Joined: Thu Aug 18, 2011 12:49 am
- Contact:
password smtp email server are visibles in configuration.php
Hello. Now, I am using my personal email servers (outlook, gmail, etc) with joomla for interacting with users, but passwords are totaly visibles on file configutarion.php, It is not encrypted. If somebody or hacker acess to this data, then they to access to my personal email, and it is very dangerous. Password database are also visible, but paswords of my personal email is more important for me. What I should to do with this? I have persmisions for this file to 444 (apache:apache). Thanks.
- fcoulter
- Joomla! Ace
- Posts: 1685
- Joined: Thu Sep 13, 2007 11:39 am
- Location: UK
- Contact:
Re: password smtp email server are visibles in configuration.php
It would be a good idea to not use your personal email server, set up a dedicated email account for this purpose.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
- Webdongle
- Joomla! Master
- Posts: 44089
- Joined: Sat Apr 05, 2008 9:58 pm
Re: password smtp email server are visibles in configuration.php
If a hacker can read that file then they have FULL access to your server and you have bigger problems. The hackers would not need to read any info in that file as they already have full access. But if you are still worried https://docs.joomla.org/index.php?title ... ldid=68318
Please also run the fpa viewtopic.php?f=714&t=793531 and post the results ... we can advice on other security issues.
Please also run the fpa viewtopic.php?f=714&t=793531 and post the results ... we can advice on other security issues.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
- fcoulter
- Joomla! Ace
- Posts: 1685
- Joined: Thu Sep 13, 2007 11:39 am
- Location: UK
- Contact:
Re: password smtp email server are visibles in configuration.php
The OP doesn't say that anyone has read the configuration.php, he/she is just worried about the fact that someone might.
I don't personally think that it is a good idea to try to move the configuration.php file, it is more trouble than it is worth for the small additional protection it offers.
And actually I think that someone getting access to your personal email would be a bigger problem than having your site hacked, they could potentially get access to all your personal accounts such as bank, paypal, amazon etc. So don't ever use a personal email for this purpose.
Many hosting account accounts will include the option of creating mail boxes which can be used as smtp servers for this purpose. If yours does not you can use a gmail account, just create a new dedicated gmail account for this purpose.
I don't personally think that it is a good idea to try to move the configuration.php file, it is more trouble than it is worth for the small additional protection it offers.
And actually I think that someone getting access to your personal email would be a bigger problem than having your site hacked, they could potentially get access to all your personal accounts such as bank, paypal, amazon etc. So don't ever use a personal email for this purpose.
Many hosting account accounts will include the option of creating mail boxes which can be used as smtp servers for this purpose. If yours does not you can use a gmail account, just create a new dedicated gmail account for this purpose.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
- Webdongle
- Joomla! Master
- Posts: 44089
- Joined: Sat Apr 05, 2008 9:58 pm
Re: password smtp email server are visibles in configuration.php
I know. My point is that is not worth worrying about because for a hacker to read that file then they already would have full access to the server.
imho it provides no extra protection at all. Hackers who can read that file already have full access to the server so already have the information that is in it.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
- fcoulter
- Joomla! Ace
- Posts: 1685
- Joined: Thu Sep 13, 2007 11:39 am
- Location: UK
- Contact:
Re: password smtp email server are visibles in configuration.php
I think that we are largely in agreement. Except for
Then in that case all you have to worry about is your site being hacked, which as you say can always be restored.
It is worth worrying about because for a hacker to read that file and it contains the credentails for a personal email account then they have full access to your life. Just don't ever put personal information in there.My point is that is not worth worrying about because for a hacker to read that file then they already would have full access to the server.
Then in that case all you have to worry about is your site being hacked, which as you say can always be restored.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
- Per Yngve Berg
- Joomla! Master
- Posts: 30926
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
Re: password smtp email server are visibles in configuration.php
For Gmail you have to create a separate app password for Joomla to use. Not the password you use your self.
-
- Joomla! Enthusiast
- Posts: 128
- Joined: Thu Aug 18, 2011 12:49 am
- Contact:
Re: password smtp email server are visibles in configuration.php
Yes. I think this problem is very important. Finally, I have created a new account on Outlook.com with diferent aliases for each joomla website on my VPS. Maybe, in a future times, will be interesting to achive a method with encrypted passwords.
Thanks. I did not know about this, but now I have a new account on outlook.com, anyway I am going to investigate this feature.Per Yngve Berg wrote: ↑Mon Sep 17, 2018 1:12 pmFor Gmail you have to create a separate app password for Joomla to use. Not the password you use your self.
- Webdongle
- Joomla! Master
- Posts: 44089
- Joined: Sat Apr 05, 2008 9:58 pm
Re: password smtp email server are visibles in configuration.php
Not very professional having gmail addresses. Best setup the email address on your Host's CP and use the php mailer. you@yoursite .com than you@gmail .com. Personally I avoid sites that have gmail (or other free emails like yahoo) because they look like businesses that are operated from a bedroom.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Enthusiast
- Posts: 128
- Joined: Thu Aug 18, 2011 12:49 am
- Contact:
Re: password smtp email server are visibles in configuration.php
Yes, it is true and you have reason, however, my websites are not profesional, and I have not installed a "administrator panel" (I prefer to learn with a LAMP installation than to use a Cpanel, very expensive moreover, or Virtualmin), neither a mail server features, because on this way i avoid to fight with spam problems. Later, I plan to buy the mail function in some provider (Gsuite, Office 365, OVH Mail, etc) and to create personal email directions with my domains, out of my vps; or maybe, to rent a new vps only mail porpouses.
- Webdongle
- Joomla! Master
- Posts: 44089
- Joined: Sat Apr 05, 2008 9:58 pm
Re: password smtp email server are visibles in configuration.php
You will get spam whichever mail server you use.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".