Password hashes stored world readable

Brought to you by: cyberfox

#4 Password hashes stored world readable

Milestone: MacOSX

Status: open-accepted

Owner: Morgan Schweers

Labels: Configuration (2)

Priority: 5

Updated: 2002-11-14

Created: 2002-11-05

Creator: Anonymous

Private: No

The default file permissions on UNIX systems MacOSX
included, allow for anyone to read the entire
configuration directory.

Workaround:

chmod 700 ~/.jbidwatcher
chmod go-rwx ~/.jbidwatcher/*

Discussion

Morgan Schweers - 2002-11-14

labels: 101616 -->

milestone: 154237 -->

assigned_to: cyberfox --> nobody

status: open --> open-accepted
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Morgan Schweers - 2002-11-14

Logged In: YES
user_id=19745

Greetings,
Unfortunately, there's no pure Java way to set these
permissions. It should be creating the file according to
your umask, however, so if that's set appropriately, it
should be fine.

I can add code to do a:
Runtime.getRuntime().exec("chmod og-rwx " + fname);

if it's on a Unix system, but that's a platform specific
feature, so a bit lower priority.

-- Morgan

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Morgan Schweers - 2002-11-14

labels: --> Configuration

milestone: --> MacOSX

assigned_to: nobody --> cyberfox
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.