I have noticed that osticket stores its database password in the ost-config.php file in plaintext; it would make me feel a lot better if it was encrypted. There's a good workaround on the MediaWiki site on how to move sensitive data outside of the public HTML dir, I haven't tried it yet but I think it will work for OSTicket too: https://www.mediawiki.org/wiki/Manual I'm wondering what the osticket devs have to say? Is it really considered secure to rely on user/group permissions to protect this data?
Last I checked... WordPress, Drupal, Joomla, and many other products all do the same. But I will pass along your concern to them.
I mean this is something we can look into in the future but as @ntozier said, all the major software does this. If you protect your server correctly stealing the db password will never be an issue. :) Cheers.
You're right, a lot of PHP apps do this. Thanks guys, I guess proper security permissions wins at the end of the day.
@JDeTeves No problem my dude. If you have any other questions or concerns feel free to post them! Cheers.