Gossamer Forum: Products: Gossamer Mail: Discussion: Isn't this a Security Threat?: Edit Log

Gossamer Threads

Home : Products : Gossamer Mail : Discussion :

Products: Gossamer Mail: Discussion: Isn't this a Security Threat?: Edit Log

Here is the list of edits for this post

May 3, 2003, 9:37 PM

anup123

Veteran (1290 posts)

May 3, 2003, 9:37 PM

Isn't this a Security Threat?

The *.def files have 666 permission by setup. Now this would mean that a client hosted on the same server as the webmail would just have to do a cat /path_to_def_files and see the database name and password.

Then the same client can connect to Mysql database and play destructively with it wipe off all the tables in a flash.....Correct me if I am wrong.

Isn't this insecure? How to make sure that such a happening is made impossible..... why do the def files and the def directory have to be world readable?

Anup

Last edited by:

anup123: May 3, 2003, 9:40 PM

Edit Log:

Post edited by anup123 Post edited by anup123 (Veteran) on May 3, 2003, 9:40 PM

Gossamer Threads is a Vancouver-based company with over 28 years experience in web technology. From development to hosting, we partner with leading organizations around the globe and help to build their web presences, strategies and infrastructures.

Let’s talk: 1-877-715-7676