From f82b6cb73412a8a134b3b563920d1a6ce60795ca Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Tue, 16 Aug 2016 19:04:42 -0700
Subject: [PATCH] CRM-19223 - bin/encryptDB.php - Completely disable by default

Arguably, it's sufficient to check for administrative privileges...  since
an administrator can do this kind of damage anyway...  but this use-case is
so broad, dangerous, and uncommon that it really shouldn't be available
unless you take extraordinary measures.

It's tempting to remove the file entirely, but some upgrade workflows don't
properly handle deleted files, and some users may still want access to this
code so that they can run it themselves.
---
 bin/encryptDB.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/bin/encryptDB.php b/bin/encryptDB.php
index 16ae38e656..18b6754988 100644
--- a/bin/encryptDB.php
+++ b/bin/encryptDB.php
@@ -25,6 +25,13 @@
  +--------------------------------------------------------------------+
  */
 
+die("This script is disabled because it is dangerous. If you need it, please duplicate it elsewhere and provide your own secure workflow. This example file will be removed in the future.");
+
+// TIP: If/when we do delete this file, take care to affirmatively check for
+// deletion as part of the status-check infrastructure. Some upgrade workflows
+// don't clear out old files properly, and there's no telling the history
+// of upgrades that have been performed.
+
 /**
  *
  * @package CRM
-- 
2.25.1