[jbm]

Out of curiosity, how could one program something to access the DB without storing the password somewhere on the server? That seems to be the main weakness they are discussing, but it doesn't seem to be easy to store the password on the server without a trivial way to exploit it.

[russell]

You could store an encrypted password with the key hard coded. This is a little better, because it makes it more difficult for a disgruntled employee to walk off with the database password. Saving the key in a text file is little better than saving the password in plaintext. Saving credentials on a server that can be accessed only on the internal net is better than saving them on a public facing server. The problem is that these solutions are not typically available from your cheap hosting service.

[jbm]

I had originally considered the encrypted / hardcoded password, but wouldn't one simply need to grab the decryption code with the same hack (files set to 0777) and have access?

Not trying to be flippant, it just doesn't strike me as easy to do.

A determined attacker with read-write access to the server is going to be able to do whatever they want, whether or not we encrypt the PW. The only thing that could reduce the damage level would be to avoid code monoculture; the only reason someone was determined enough to do so in this case was because there were thousands of blogs hosted on that shared host, all of which share the exact same vulnerabilities.