For what use is the secret word inside configuration.php ?

General questions relating to Joomla! 1.5 There are other boards for more specific help on Joomla! features and extensions.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting.
Forum Post Assistant - If you are serious about wanting help, you should use this tool to help you post.
Locked
dotcom22
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 214
Joined: Mon Nov 19, 2007 10:33 pm

For what use is the secret word inside configuration.php ?

Post by dotcom22 » Sat Jul 25, 2009 2:30 pm

Hello

I plan to install several Joomla (using prepacked Joomla made with Joomlapack) and I thinking to do that without running install from web but manually...It's also because I want put my configuration.php file outside of public_html folder like is suggest to Security Joomla docs...

So if am not wrong I just need to set correctly the configuration file and no more...but I don't know for what it is the use of value "secret word"...I can fill this with anything ??

Any suggestion welcome...thank

User avatar
CptDecker
Joomla! Ace
Joomla! Ace
Posts: 1047
Joined: Mon Feb 27, 2006 3:00 am
Location: New York
Contact:

Re: For what use is the secret word inside configuration.php ?

Post by CptDecker » Sat Jul 25, 2009 2:34 pm

This is a unique alpha-numeric code for every Joomla! installation. It is created when Joomla is first installed. It is used for security functions.
CptDecker

Total Hosting -- Professional Joomla Web Hosting
http://www.totalhosting.com/Web-Hosting/Joomla.html

jdavis74
Joomla! Explorer
Joomla! Explorer
Posts: 443
Joined: Fri Jul 03, 2009 5:38 pm

Re: For what use is the secret word inside configuration.php ?

Post by jdavis74 » Sat Jul 25, 2009 2:37 pm

I believe the secret word is the key used to generate the MD5 hashes to store sensitive information, like the password, in the database. It shouldn't matter what you use for the secret word, but in order for the hash to be strong, you'll want it to be long and random.

You don't necessarily have to put configuration.php outside of public_html to make it secure. As long as permissions are 644, you can use the following command to make it immutable:

chattr +i configuration.php
Joseph Davis
Technical Support Representative
jdavis@hosting.com
http://hosting.com

dotcom22
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 214
Joined: Mon Nov 19, 2007 10:33 pm

Re: For what use is the secret word inside configuration.php ?

Post by dotcom22 » Sat Jul 25, 2009 2:59 pm

So i can insert any secret word I want without problem ??? In fact It is because I see the secret word displayed inside Admin backend in Site Configuration are not the same then the word I see inside configuration.php....

Really ?? It is not necessary to put configuration.php outside of public_html ?? For sure all my files are set to chmod 644 but I thinking for most security is better to put outside....I just try to secure the most possible my install by following Joomla Security docs....but it seem this docs are maybe outdated....

Yes I know the chattr command...maybe is the best way to follow...

thank

PS: Just for be clear: A file with chmod 644 can be read by everybody but only user and owner can write to it...well...Anyway that mean a potential hacker can always try to read the contain of this file...? If yes what are the sensible data ?? Except the database password and administrator email and maybe secret word I don't see other sensible data....

What a hacker can do with a database password ? If the security of Hosting Panel/server are not compromised they can do nothing with that...or not ?

thank

User avatar
CptDecker
Joomla! Ace
Joomla! Ace
Posts: 1047
Joined: Mon Feb 27, 2006 3:00 am
Location: New York
Contact:

Re: For what use is the secret word inside configuration.php ?

Post by CptDecker » Sat Jul 25, 2009 3:44 pm

To learn more about the secret word you can read the following:

http://help.joomla.org/content/view/51/153/1/5/

I do not think you can put the config outside the html directory without doing significant modifications to Joomla and the patches that follow.

FYI 644 would be
owner: read and write permissions,
group: only read permissions,
others: only read permissions.

but keep in mind the configuration file is a PHP file and not viewable via the web.
CptDecker

Total Hosting -- Professional Joomla Web Hosting
http://www.totalhosting.com/Web-Hosting/Joomla.html

dotcom22
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 214
Joined: Mon Nov 19, 2007 10:33 pm

Re: For what use is the secret word inside configuration.php ?

Post by dotcom22 » Sat Jul 25, 2009 4:03 pm

Ok I understand more about secret word....thanks for link..

About the fact to put the configuration file outside public_html the joomla docs suggest to do that...

http://docs.joomla.org/Security_and_Per ... ic_html.3F

Like you say php file can not be read from the web...so I don't know why they suggest this...

User avatar
CptDecker
Joomla! Ace
Joomla! Ace
Posts: 1047
Joined: Mon Feb 27, 2006 3:00 am
Location: New York
Contact:

Re: For what use is the secret word inside configuration.php ?

Post by CptDecker » Sat Jul 25, 2009 5:13 pm

Thanks - that method certainly would work.

That is why I love the Joomla forum. You can learn something new all the time.
CptDecker

Total Hosting -- Professional Joomla Web Hosting
http://www.totalhosting.com/Web-Hosting/Joomla.html


Locked

Return to “General Questions/New to Joomla! 1.5”