Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.
WordPress, like all other web applications, must store database connection info in clear text. Encrypting credentials doesn’t matter because the keys have to be stored where the web server can read them in order to decrypt the data. If a malicious user has access to the file system — like they appeared to have in this case — it is trivial to obtain the keys and decrypt the information. When you leave the keys to the door in the lock, does it help to lock the door?
A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.
I’m not even going to link any of the articles because they have so many inaccuracies you become stupider by reading them.
If you’re a web host and you turn a bad file permissions story into a WordPress story, you’re doing something wrong.
P.S. Network Solutions, it’s “WordPress” not “Word Press.”
Package:
Summary:
Generate HTML forms from XML file definitions
Groups:
Author:
Description:
This class can generate HTML forms from XML file definitions.
It can parse a given XML file and extract definitions of HTML form fields.
The class can generate HTML for a form mapping XML attributes into form input attributes.
Package:
Summary:
Accept or deny requests depending on IP address
Groups:
Author:
Description:
This class can be used to accept or deny requests depending on the user machine IP address.
It can look at the current user IP address and decided to accept or deny the request depending on rules defined in a separate rules file. It can also detect IP addresses behind proxies.
The rules define whether to accept or deny requests from individual IP addresses or whole ranges.
When the current user IP address is denied, it can either redirect the user to another page using Javascript, show a given message, or issue a denied access response header.
The newly released Microsoft Visual C++ 2010 Express has been added to the
Free C/C++ Compilers and Interpreters page. This
latest version of the compiler adds language features from the upcoming C++0x standard, among other things. It's free, so get it
if you want to write computer programs in C++ on Windows.
Note: if you don't like Visual C++, there are now 37 free C/C++
compilers on that page, so you should (hopefully) be to find one that you can use. (Yes, there are that many. And I haven't
even counted the C/C++ cross-compilers for handheld
devices and embedded systems!)
If you are a C# programmer, check out the newest addition to the
Free C# Compilers and Interpreters: the
new Microsoft Visual C# 2010 Express. The compiler now supports the .NET Framework 4 and adds new language features.
The free Microsoft Visual Basic 2010 Express has now been added to the
Free BASIC Compilers and Interpreters page.
If you're looking for an easy way to get started on writing computer programs, check it out. Alternatively, you can also
get one of the 28 other free BASIC compilers on that page.