From: Tim Otten <totten@civicrm.org>
Date: Wed, 17 Aug 2016 02:04:42 +0000 (-0700)
Subject: CRM-19223 - bin/encryptDB.php - Completely disable by default
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=f82b6cb73412a8a134b3b563920d1a6ce60795ca;p=civicrm-core.git

CRM-19223 - bin/encryptDB.php - Completely disable by default

Arguably, it's sufficient to check for administrative privileges...  since
an administrator can do this kind of damage anyway...  but this use-case is
so broad, dangerous, and uncommon that it really shouldn't be available
unless you take extraordinary measures.

It's tempting to remove the file entirely, but some upgrade workflows don't
properly handle deleted files, and some users may still want access to this
code so that they can run it themselves.
---

diff --git a/bin/encryptDB.php b/bin/encryptDB.php
index 16ae38e656..18b6754988 100644
--- a/bin/encryptDB.php
+++ b/bin/encryptDB.php
@@ -25,6 +25,13 @@
  +--------------------------------------------------------------------+
  */
 
+die("This script is disabled because it is dangerous. If you need it, please duplicate it elsewhere and provide your own secure workflow. This example file will be removed in the future.");
+
+// TIP: If/when we do delete this file, take care to affirmatively check for
+// deletion as part of the status-check infrastructure. Some upgrade workflows
+// don't clear out old files properly, and there's no telling the history
+// of upgrades that have been performed.
+
 /**
  *
  * @package CRM