Since version 2.25.45, the database parameters in config.php can be used encrypted instead of in clear text. This way, if someone not authorized gets access to the config.php file, he won't be able to open the Team Password Manager database.
To encrypt the database parameters do the following:
1. In Team Password Manager, logged in as Admin or IT, go to Settings and then Encrypt DB Config.
2. Open config.php and put this on the top: define('ENCRYPT_DB_CONFIG', 1);
3. Also in config.php: delete the lines with the defines of the current db parameters (CONFIG_HOSTNAME, CONFIG_USERNAME, CONFIG_PASSWORD, CONFIG_DATABASE and CONFIG_PORT if you have it).
4. Copy and paste the new defines as shown on your Encrypt DB Config page into config.php. This is an example of how you can see the Encrypt DB config page:
So now in config.php you'll have the database parameters as encrypted strings:
define('ENCRYPT_DB_CONFIG', 1); define('CONFIG_HOSTNAME', 'VnHHBDYYLdHrtUbwNl8hojvIzaM6ptbeb___SAMPLE_YOURS_WILL_BE_DIFFERENT___'); define('CONFIG_USERNAME', '45E5YEEAJGn6RaNaX1JSnYAkruJ/G3XjR___SAMPLE_YOURS_WILL_BE_DIFFERENT___'); define('CONFIG_PASSWORD', '+0zwAHCXUj2IjYBPlp3pa6PJSwvgXbwER___SAMPLE_YOURS_WILL_BE_DIFFERENT___'); define('CONFIG_DATABASE', 'qwJMAQ04nTr5P07suySrm/Q/444yUKMu1___SAMPLE_YOURS_WILL_BE_DIFFERENT___');
Save config.php and reload Settings | Encrypt DB Config. You should see a message explaining that the db parameters are encrypted.