You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Fred Stluka <fr...@bristle.com> on 2004/09/15 19:01:28 UTC
Why does startup of Tomcat 5.0.28 server make tomcat-users.xml
world-readable?...
Anyone know why starting the Tomcat 5.0.28 server on Linux
makes the configuration file tomcat-users.xml world-readable?
I had it set to permissions 600, but starting the server changes
it to 644.
This seems like a security hole since any user of the system can
read the plaintext passwords.
Any thoughts? Thanks!
--Fred
--------------------------------------------------------------------------
Fred Stluka -- mailto:fred@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- "Glad to be of service!"
--------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org