Roundcube Community Forum » SVN Releases » Requests » chmod 600 config/db.inc.php
Topic: chmod 600 config/db.inc.php (Read 7799 times)

zoidberg (Newbie, Posts: 8), on: July 30, 2008, 09:26:59 PM
This file holds my postgresql password in the clear. It should not, and need not be world-readable.
:eek:

bpat1434 (Administrator, Hero Member, Posts: 673), Reply #1 on: July 31, 2008, 03:48:36 PM
Yes, while it does hold your password in the clear, if someone attempts to view it through the browser, because it is a php file, it will be parsed and nothing but white-space will be outputted. So there is no security issue there. If someone does hack your RC installation, it's via FTP or some other attack and your database password is the least of your worries. Most likely they'll have your FTP password and that would be more pertinent.

zoidberg (Newbie, Posts: 8), Reply #2 on: July 31, 2008, 08:41:32 PM
Quote from: bpat1434;13172
> So there is no security issue there.
I'm running roundcube on a machine which has shell account users. Why should they be simply able to cat the file? My point is that world-readability of db.inc.php is unnecessary for roundcube's operation, therefore should not exist. That's just good engineering practice, or so it seems to me. Lord knows I am not an attorney, that's just my opinion, and I could be wrong!

smultronstallet (Jr. Member, Posts: 11), Reply #3 on: August 04, 2008, 04:21:13 PM
You might want to try changing the group of the db.inc.php to your web server's user (www or apache or whatever it is on your system). Then only make users who need to access that file a member of that group.
chgrp www /path/to/db.inc.php
chmod 770 /path/to/db.inc.php
Then change all your users' group access with vigr, or whatever command your system uses to manage groups.
Just a suggestion.

zoidberg (Newbie, Posts: 8), Reply #4 on: August 04, 2008, 11:51:56 PM
Oh yes, thanks, I have the thing squared away on my end to my satisfaction, with the world-read bit turned off. My point was to suggest that roundcube should not initially install db.inc.php in a world-readable state.
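
The permission change discussed in this thread, as an added shell example that is not part of any post or of Roundcube itself: it lists files under a config directory that grant any access to "other", then restricts one file to owner read/write plus read-only access for a group the web server runs under. The function names, the 640 mode and the group argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not Roundcube code): audit and tighten permissions on a
# credentials file such as config/db.inc.php on a host with shell users.

# Exit status 0 if "other" has read, write or execute on the given path.
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Print every regular file under a directory that "other" can access.
audit_dir() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Restrict a config file to owner rw, group r, nothing for others.
#   $1 = file, e.g. /path/to/config/db.inc.php
#   $2 = group the web server's PHP process runs under (assumption: the
#        name differs per system, e.g. www or apache)
harden_config() {
    file=$1
    group=$2
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
    chgrp "$group" "$file" || return 1
    chmod 640 "$file" || return 1
    # Re-check the result instead of trusting chmod's exit status alone.
    ! world_accessible "$file"
}

# Stand-alone use: ./harden.sh /path/to/config/db.inc.php www
if [ "$#" -eq 2 ]; then
    harden_config "$1" "$2" && echo "$1 is now mode $(mode_of "$1")"
fi
```

Mode 600, as in the thread title, also works when the file is owned by the account the web server runs as, since no group access is needed in that case.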