Hiding the database password under Administration/System Information

Software Support
1

Is it possible to hide the database password exposed under Administration >> System Information in OJS3.x? At the moment it’s listed alongside the other variables in the database section under OJS Configuration.

My first through was to either comment out the call being made to display the password in that cell on the table (i.e. <td>) or comment out the whole “Password” row (<tr>). However, I’ve exported out a copy of our webserver and have hunted through the php files to work out where the call’s being made to read out the variables from config.inc.php but can’t find it.

If someone could point me in the right direction for where the SSI is stored I’ll proceed with commenting it out and do so with the understanding we’ll have to rinse/repeat for subsequent software updates.

This being said, if others have tackled similar issues in the past and have a smarter way of achieving this it would be great to hear from you!

1 Like
2

Hi @SBAus,

Good question. I’m wondering if you could give your specific version number that you’re working with (e.g. 3.3.0-8), as the database structure may vary in various versions of 3.x. From there, I’ll run this by some of our dev team to see if they can offer suggestions.

-Roger
PKP Team

1 Like
3

Hi @rcgillis - thanks for the prompt reply!

We’re currently running 3.3.0.8.

Looking forward to feedback from the dev, very much appreciate it!

4

Hi,
If you delete the following code in the systemInfo.tpl file
(lib/pkp/templates/admin/systemInfo.tpl) you don’t see any information (not only password) from config.inc.php

<table class="pkpTable" aria-labelledby="systemConfiguration{$key}">
			<thead>
				<tr>
					<th>{translate key="admin.systemInfo.settingName"}</th>
					<th>{translate key="admin.systemInfo.settingValue"}</th>
				</tr>
			</thead>
			{foreach from=$configData item="settings" key="category"}
				<tbody>
					<tr>
						<td colspan="2" class="app--admin__systemInfoGroup">{$category}</td>
					</tr>
					{foreach from=$settings item="value" key="name"}
						<tr>
							<td>{$name|escape}</td>
							<td>{$value|escape}</td>
						</tr>
					{/foreach}
				</tbody>
			{/foreach}
		</table>

image

2 Likes
5

@kerimsarigul Thank you so much for pointing me in the right direction! I was having trouble locating where the template files were located and had missed that spot. We’ll experiment with the code and will report back on how we go in case others find themselves in a similar spot!

6

Wanted to say another big thank you to @kerimsarigul - can confirm we have eliminated the table thanks to the advice and am working on a few tweaks. Happy to post and share our result if others are interested once we’ve finished it up?

2 Likes
7

I’m glad that it is useful. Thanks for the feedback.

8

In good news it looks like everything’s running as expected when pushing our solution into production.

If others are in a similar boat, what I did was add some additional if statements in the nested foreach loop to return generic entries for selected variables. This way we can otherwise keep the table visible but hide what we want to.

Here’s the source if you want to incorporate this into your installation:

Location: lib/pkp/templates/admin/systeminfo.tpl

<table class="pkpTable" aria-labelledby="systemConfiguration{$key}">
	<thead>
		<tr>
			<th>{translate key="admin.systemInfo.settingName"}</th>
			<th>{translate key="admin.systemInfo.settingValue"}</th>
		</tr>
	</thead>
	{foreach from=$configData item="settings" key="category"}
		<tbody>
			<tr>
				<td colspan="2" class="app--admin__systemInfoGroup">{$category}</td>
			</tr>
			{foreach from=$settings item="value" key="name"}
				{if $name == 'username'}
					<tr>
						<td>username</td>
						<td>******</td>
					</tr>
					{elseif $name == 'password'}
						<tr>
							<td>password</td>
							<td>******</td>
						</tr>
					{elseif $name == 'name'}
						<tr>
							<td>database name</td>
							<td>******</td>
						</tr>
					{elseif $name == 'smtp_password'}
						<tr>
							<td>smtp_password</td>
							<td>******</td>
						</tr>
					{elseif $name == 'salt'}
						<tr>
							<td>salt</td>
							<td>******</td>
						</tr>
					{elseif $name == 'recaptcha_public_key'}
						<tr>
							<td>recaptcha_public_key</td>
							<td>******</td>
						</tr>
					{elseif $name == 'recaptcha_private_key'}
						<tr>
							<td>recaptcha_private_key</td>
							<td>******</td>
						</tr>
					{else}
						<tr>
							<td>{$name|escape}</td>
							<td>{$value|escape}</td>
						</tr>
				{/if}
			{/foreach}
		</tbody>
	{/foreach}
</table>

Once again, thank you to @kerimsarigul for pointing me in the right direction!

2 Likes
9

This topic was automatically closed after 5 days. New replies are no longer allowed.