[Pkg-vexim-devel] insecure permissions on variables.php
Cameron Gregg
cam at earthanarchy.org
Fri Nov 23 03:23:50 UTC 2007
Hi,
I just installed the vexim package. I notice it didn't initialize the
siteadmin user, the SQL seemed to be commented out in the install
script. I just copied it and ran it manually.
What I was writing to you about is that by default, the variables.php is
world readable, meaning any user can view it and get the vexim mysql
password.
I changed it to the following ownership and permission, which I think
would be a better default.
-rw-r----- 1 root www-data 2851 2007-11-18 12:58 variables.php
Thanks for the package, keep up the good work!
Cam
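
As an added example (not part of the original message or of the vexim package), a shell check for the condition described above: it reads an `ls -l` line and reports whether "other" has any access and whether the owner and group match the expected pair. The function names are hypothetical, and www-data as the web server's group is taken from the listing in the message.

```shell
#!/bin/sh
# Added example: function names are hypothetical; sample lines are constructed,
# except the first, which is the listing quoted in the message.

# Classify one `ls -l` line for a file that holds a database password.
# Returns 0 = no access for "other" and owner/group as expected,
#         1 = "other" has some access (any local user can reach the password),
#         2 = not world-accessible, but owner or group is not the expected one.
audit_ls_line() {
    want_owner=$2
    want_group=$3
    # ls -l fields: mode, link count, owner, group, then size/date/name.
    read -r mode _links owner group _rest <<EOF
$1
EOF
    other=$(printf '%s' "$mode" | cut -c8-10)   # e.g. "r--" in -rw-r--r--
    if [ "$other" != "---" ]; then
        echo "EXPOSED other=$other ($mode $owner:$group)"
        return 1
    fi
    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "REVIEW owner/group is $owner:$group, expected $want_owner:$want_group"
        return 2
    fi
    echo "OK $mode $owner:$group"
    return 0
}

# Same check against a real path (ls -ld so a directory is not expanded).
audit_file() {
    audit_ls_line "$(ls -ld -- "$1")" "$2" "$3"
}

# Demo on constructed input; `|| true` keeps the loop going on findings.
while IFS= read -r sample; do
    audit_ls_line "$sample" root www-data || true
done <<'EOF'
-rw-r----- 1 root www-data 2851 2007-11-18 12:58 variables.php
-rw-r--r-- 1 root root 2851 2007-11-18 12:58 variables.php
-rw-r----- 1 root root 2851 2007-11-18 12:58 variables.php
EOF
```

On a live system, `audit_file /path/to/variables.php root www-data` runs the same check against the installed file; the path here is a placeholder.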