You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-dev@jakarta.apache.org by bu...@apache.org on 2005/01/19 10:36:01 UTC
DO NOT REPLY [Bug 33163] New: -
Default slide installation exposes all passwords
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33163>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=33163
Summary: Default slide installation exposes all passwords
Product: Slide
Version: Nightly
Platform: PC
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P1
Component: Security
AssignedTo: slide-dev@jakarta.apache.org
ReportedBy: ramon.casha@linux.org.mt
The default installation of slide allows any logged-in user to view the
passwords of all users by examining the properties of /users/xxx.
I think someone needs to go through the initial data set of Slide and make sure
it's more secure, setting the minimal permissions on each folder for the product
to work. I know it's just a sample but showing the password in this way is still
bad - some people might use the initial data set to build their own structure on.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org