Mysql password stored in plain text in config file

How significant is the security risk with the current method of storing the mysql password in the config file?

Is there a way that we can encrypt the username/password in config file?



Matomo needs to access the database which is only possible by knowing the password. If one could store it hashed then this hash would become the thing that is stored in clear text and allows direct authentification. Or in other words it would be a password again.
Same for encryption: Matomo would need access to the decryption key making it completly useless.

Thefore the password is in plain text. It is the same with every other major PHP application (Wordpress, Nextcloud, etc.)

This of course doesn’t mean you can’t protect it. Make sure only the user running PHP and no other users on the servers have read access to the file.