axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "robert lazarski" <robertlazar...@gmail.com>
Subject Re: Axis2 security flaw?
Date Fri, 12 May 2006 14:30:13 GMT
Try:

chmod 600 /var/lib/tomcat4/webapps/axis2
>
> /WEB-INF/conf/axis2.xml



That'll make the file read / writable by only the owner. Other accounts
won't be able to access it.

To make it read-only by only the ownew:

chmod 400 /var/lib/tomcat4/webapps/axis2
>
> /WEB-INF/conf/axis2.xml



HTH,
Robert
http://www.braziloutsource.com/

On 5/12/06, Bram Biesbrouck <b@beligum.org> wrote:
>
> Hi all,
>
> When I deploy axis2.war in Tomcat, the file
>
> /var/lib/tomcat4/webapps/axis2/WEB-INF/conf/axis2.xml
> (where the admin-pass is stored)
>
> is readable by all users on the system.
> I'm using Debian sarge (stable).
>
> Am I missing something or is this a serious security issue?
>
> Bram
>

Mime
View raw message