
Which is why I don't use any database password if the database is listening on localhost only, which is the case most of the time.


I don't think this is a good idea, even if the database is just listening to localhost. Say a malicious script gets uploaded to the machine; it will be able to dump the entire database without any need to seek out credentials.


Agree... it's better to still have credentials, but ALSO only listen locally. At least that way the credentials need to be found first!



