You are viewing a plain text version of this content. The canonical link for it is here.

Posted to slide-dev@jakarta.apache.org by bu...@apache.org on 2005/01/19 10:36:01 UTC

DO NOT REPLY [Bug 33163] New: - Default slide installation exposes all passwords

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33163>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=33163

           Summary: Default slide installation exposes all passwords
           Product: Slide
           Version: Nightly
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P1
         Component: Security
        AssignedTo: slide-dev@jakarta.apache.org
        ReportedBy: ramon.casha@linux.org.mt


The default installation of slide allows any logged-in user to view the
passwords of all users by examining the properties of /users/xxx.

I think someone needs to go through the initial data set of Slide and make sure
it's more secure, setting the minimal permissions on each folder for the product
to work. I know it's just a sample but showing the password in this way is still
bad - some people might use the initial data set to build their own structure on.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org