Remove Hardcoded DB Credentials
aryker opened this issue · comments
Alex Ryker commented
The database credentials are hardcoded in the PHP code, which is visible by anyone with access to our Git repository. We need to come up with an alternate system so that our passwords are not leaked to the public.
Caleb Smith commented
Files
- sql.php
- getTeam.php
- pit.php
Let me know if you can see any others.
Caleb Smith commented
Follow up: might be a good idea to remove the MySQL username & the database name.
Caleb Smith commented
Alright, it's done, passwords are removed. If anyone ever tries to host this they'll need the .db-password
file with the password in it (we should probably make a setup script for that).