Bug#434762: tomcat5.5: tomcat-users.xml contains sensitive data, yet it is world-readable
Marcus Better
marcus at better.se
Thu Jul 26 16:17:28 UTC 2007
severity 434762 minor
thanks
> /var/lib/tomcat5.5/conf/tomcat-users.xml comes with file permissions
> 644.
Yes, but /var/lib/tomcat5.5 is not world-readable:
~$ ls -ld /var/lib/tomcat5.5/conf
drwxr-x--- 3 tomcat55 adm 4096 2007-07-26 09:08 /var/lib/tomcat5.5/conf/
Still we could change the file permissions to be on the safe side.
Marcus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20070726/c0bd6821/attachment.pgp
More information about the pkg-java-maintainers
mailing list