YAML files have encrypted password but is on server. Can the combo be used to gain admin access to Grav?
Archive
YAML files should not be accessible from outside, if the server is correctly configured.
If that matter is already ok, if someone has access to the YAML files, it means the server is already compromised, admin access is not that much relevant at that point because Admin is just a tool to write files.
The encrypted passwords cannot be decrypted unless with brute force, as the algorythm to store them is one-way.
Log in to reply.
Suggested topics
| Topic | Participants | Replies | Views | Activity |
|---|---|---|---|---|
| 0 | 1321 | 9 years ago | ||
| 2 | 916 | 9 years ago | ||
| 2 | 4047 | 9 years ago | ||
| 1 | 2921 | 9 years ago | ||
| 3 | 1105 | 9 years ago |