The Hidden Configurations are configuration data that is not transferred to the client and stays on the server. Therefore, these are “hidden” from the user, but are readable on the server itself in plain text. Even in the manager, this information is readable in plain text.
This does not create a secure environment for itself. However, this can create a secure environment in which the web server must be configured so that the user does not gain access to the manager.
If a Error Log is passed to the developers in the support, the content of the hidden configuration is not included and thus remain hidden from the developers.
If and in what form widgets and plugins require information from the hidden configuration is described in their respective documentation.
The hidden configurations are stored in the file
This file can be edited via a normal text editor as well as via the
The content consists of several entries containing a name with several key and value pairs. In the file itself, this information is stored as a PHP array:
<?php // File for configurations that shouldn't be shared with the user $hidden = array( 'fritzbox' => array('uri' => 'https://192.168.0.1:49443/', 'user' => 'CometVisuTestUser', 'pass' => 'pa3bvNM4j9z4') 'influx' => array('user' => 'InfluxDBTestUser', 'pass' => 'Xsdwfw324SEs') ); ?>
Even if the choice for the
name is basically free, there are
usual entries for it, which are recommended to be used. Thus, some
widgets or plug-ins without an explicit configuration can look in the usual
name for entries, which can reduce the configuration effort.
|fritzbox||The tr064 Plugin|
|influx||The diagram plugin||X|