Storing Credentials in the Database Question | ww.wp.xz.cn

Resolved jason_hayes
(@jason_hayes)

3 years, 4 months ago

I was just setting up offload media lite. I wanted to know why storing the keys in the database isn’t recommended. It’s just as easy to add it to the wp-config file but it easier to use the database. Just curious.

Viewing 2 replies - 1 through 2 (of 2 total)

Thread Starter jason_hayes
(@jason_hayes)

3 years, 4 months ago

One more quick question:

Are the keys stored in the database encrypted?

Plugin Author Delicious Brains
(@deliciousbrains)

3 years, 4 months ago

The keys can’t be encrypted as they need to be sent as is over HTTPS. A one-way hash wouldn’t help there, and if you can decrypt, then so could someone else. Hence putting them in the database is a bad idea if someone gets access to the database.

Better option is to put them in wp-config.php, because if someone gets into the server itself and can read that file, you’ve got bigger issues to worry about.

Best option is to use EC2 or GCE and use server roles attached to the instance so that WP never even needs to have any credentials.

-IJ

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Storing Credentials in the Database Question’ is closed to new replies.

2 replies
2 participants
Last reply from: Delicious Brains
Last activity: 3 years, 4 months ago
Status: resolved