What advice can you share about this feature so that it may be used securely? I was surprised to see this information in plain text but maybe you can assuage my concerns. Or would you advise that this feature not be used in Production?
Hey @ben, that’s good to know, thanks. Obviously that is good news if someone unauthorized happens to get to it via browser, but what if they somehow access it via FTP? From there they could easily pivot into the database. In any development work I do, I always take a security-first approach and that includes finding ways to reduce the attack surface.
It would be nice if Wappler had a better way of storing this information as opposed to having it reside un-obfuscated in project source code. I wonder if choosing not to save it to a Server Connect action connection file would be more secure?
Hi @fatherofinvention
There is nothing to worry about; that’s not a security risk and that’s not something Wappler-specific.
That’s how you set up a connection to your database using PHP. There is always a file storing this data; you can learn more here: https://www.w3schools.com/php/php_mysql_connect.asp
As Ben explained, the PHP files are being compiled on the server; even if someone somehow has a link to this file, they will see a blank page.
Thank you. As I have mentioned before, I don’t have any PHP experience, so I appreciate the education here. Good to know this is a perfectly safe and standard practice.
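
Added example (not part of the thread and not Wappler's code): the blank-page behaviour described above applies only to files the server hands to the PHP interpreter, so this Python script walks a web root and flags credential-bearing files that would be returned verbatim instead, such as backup copies or files without a `<?php` tag. The `.php`-only handler mapping, the password regex and the sample file names are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: only .php is mapped to the PHP interpreter on this server;
# every other file under the web root is returned to the browser verbatim.
EXECUTED_EXTENSIONS = {".php"}
# Heuristic for a line that assigns a database password.
CREDENTIAL = re.compile(r"(password|passwd|pwd)['\"\]]*\s*(=>|=|:)\s*\S", re.I)


def audit_web_root(web_root):
    """Return sorted (relative_path, problem) pairs for exposed credential files."""
    findings = []
    for folder, _dirs, names in os.walk(web_root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                with open(path, "r", errors="ignore") as handle:
                    text = handle.read(65536)
            except OSError:
                continue
            if not CREDENTIAL.search(text):
                continue
            rel = os.path.relpath(path, web_root)
            if os.path.splitext(name)[1].lower() not in EXECUTED_EXTENSIONS:
                findings.append((rel, "not executed by PHP, served as plain text"))
            elif "<?php" not in text:
                findings.append((rel, "no <?php tag, PHP echoes the contents"))
    return sorted(findings)


def build_sample_site(root):
    """Constructed sample web root; file names and contents are made up."""
    files = {
        "conn/db.php": "<?php $password = 'constructed-secret';",
        "conn/db.php.bak": "<?php $password = 'constructed-secret';",
        "conn/notes.php": "db password: constructed-secret",
        "index.php": "<?php echo 'hello';",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, problem in audit_web_root(site):
            print(f"{rel}: {problem}")
```

Run against the sample site, the regular `conn/db.php` passes while the `.bak` copy and the tagless `notes.php` are reported.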