[Pkg-erlang-devel] Bug#590539: couchdb: Wrong permissions on config files.
Sam Bisbee
sam at sbisbee.com
Mon Aug 9 15:31:41 UTC 2010
Hello Dionisio,
Thank you for submitting this ticket and helping to make Debian/CouchDB better.
I did some quick research and checked with the upstream CouchDB team, and there
is still sensitive information being stored in the config files that should not
be world readable. Specifically the server secret is generated the first time
CouchDB needs it, and is then stored in local.ini. Previous versions of CouchDB
had a default value for the server secret in their config file.
For this reason we will not be making the config files world readable in the
package. Of course, this does not stop you from changing their permissions on
your own box, though it is not a recommended configuration.
Cheers,
--
Sam Bisbee
www.sbisbee.com
More information about the Pkg-erlang-devel
mailing list