<?php // $Id$
- // config.php - allows admin to edit all configuration variables
require_once('../config.php');
}
}
+class problem_000009 extends problem_base {
+ function title() {
+ return 'SQL: using account without password';
+ }
+ function exists() {
+ global $CFG;
+ return empty($CFG->dbpass);
+ }
+ function severity() {
+ return SEVERITY_CRITICAL;
+ }
+ function description() {
+ global $CFG;
+ return 'The user account your are connecting to the database server with is set up without a password. This is a very big security risk and is only somewhat lessened if your database is configured to not accept connections from any hosts other than the server Moodle is running on. Unless you use a strong password to connect to the database, you risk unauthorized access to and manipulation of your data.'.($CFG->dbuser != 'root'?'':' <strong>This is especially alarming because such access to the database would be as the superuser (root)!</strong>');
+ }
+ function solution() {
+ global $CFG;
+ return 'You should change the password of the user <strong>'.$CFG->dbuser.'</strong> both in your database and in your Moodle <strong>config.php</strong> immediately!'.($CFG->dbuser != 'root'?'':' It would also be a good idea to change the user account from root to something else, because this would lessen the impact in the event that your database is compromised anyway.');
+ }
+}
+
class problem_00000x extends problem_base {
+ function title() {
+ return '';
+ }
function exists() {
return false;
}
projects / moodle.git / commitdiff