tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Stluka <f...@bristle.com>
Subject Why does startup of Tomcat 5.0.28 server make tomcat-users.xml world-readable?...
Date Wed, 15 Sep 2004 17:01:28 GMT
Anyone know why starting the Tomcat 5.0.28 server on Linux
makes the configuration file tomcat-users.xml world-readable?
I had it set to permissions 600, but starting the server changes
it to 644.

This seems like a security hole since any user of the system can
read the plaintext passwords.

Any thoughts?  Thanks!
--Fred
--------------------------------------------------------------------------
 Fred Stluka -- mailto:fred@bristle.com -- http://bristle.com/~fred/
 Bristle Software, Inc -- http://bristle.com -- "Glad to be of service!"
--------------------------------------------------------------------------




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message