Correct way to change MySQL database user's password in Invoiceplane

Cabji · May 23, 2018, 9:13am

Hi there,

Recently my twitter account got compromised and the password was exposed in plaintext.

I now want to change passwords on many or all of my accounts, including ones to access my servers, even accounts to access servers that run behind the scenes like MySQL for my invoiceplane installation. The devastation if it got compromised would be huge for me.

What is the correct way to change the password that is used to access the mySQL server behind an invoiceplane installation?

I remember putting those details in when I installed InvoicePlane, and I can easily change the password that allows access to the mySQL server via the webhost’s cpanel, but I want to ensure InvoicePlane can still access the mySQL server before I go changing it.

Kovah · May 23, 2018, 10:04am

This depends on your setup. Please refer to the documentation of your hosting provider or the cPanel documentation.

If you change the password of your MySQL server, change the password in the ipconfig.php file. should be easy to find in the DB_PASSWORD line.

Cabji · May 23, 2018, 10:12am

Hi Kovah, thanks for the guidance.

I think I am on an older version of Invoice plane (maybe 1.4.4)

I couldn’t find ip_config.php but I found database.php in the application/config/ directory and it seems to hold a value in a hash for database password setting. Does this sound correct?

It looks like: $db[‘default’][‘password’] = ‘password’;

Kovah · May 23, 2018, 11:09am

That is correct for version 1.4. The database.php fileholds your credentials.

But consider updating, just for security reasons.

Cabji · May 23, 2018, 11:24am

I have considered updating, but I really would like to not have any down time.

Will the latest version update from 1.4.4 easily? Does the database need any conversions? What security concerns are there if I keep using 1.4.4?

What is the best upgrade path from 1.4.4? Should I do: 1.4.4 -> 1.5.0 -> 1.5.9 or do I need any other incremental updates between those?

Kovah · May 23, 2018, 5:44pm

If you are careful there should be only a little downtime while you are doing the upgrade itself. Please keep in mind to do a FULL backup of your system so you will be able to move back if something goes wrong.

I recommend updating to 1.5.0 first as some important changes were introduced in this version that need careful updating the system. You can find more information in the wiki: https://wiki.invoiceplane.com/en/1.5/getting-started/updating-ip

Please read the upgrade guide before you start the upgrade so you know what you have to do. Should take about half to an hour.

system · June 6, 2018, 5:44pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.