[#MODPYTHON-173] DbmSession creates world readable db file

mod_python

DbmSession creates world readable db file

Created: 23/Jun/06 07:00 AM Updated: 17/Apr/07 10:55 AM

Return to search

Component/s:

session

Affects Version/s:

3.2.8

Fix Version/s:

3.2.10, 3.3.1

Time Tracking:

Not Specified

Resolution Date:

29/Jul/06 10:17 AM

Description

« Hide

DbmSession uses the default mode when creating the db file. As a result the file is world readable, which may be undesirable where sensitive informaiton is stored in the session. Currently the users are required to chmod the file manually. This can be fixed by using the option mode argument when the file is opened.

Quoting from the python anydbm documentation:

open( filename[, flag[, mode]]

The optional mode argument is the Unix mode of the file, used only when the database has to be created. It defaults to octal 0666 (and will be modified by the prevailing umask).

All

Comments

Work Log

Change History

Subversion Commits

Sort Order:

Repository	Revision	Date	User	Message
ASF	#416522	Fri Jun 23 00:22:47 UTC 2006	jgallacher	Fixed DbmSession file creation such that the db file will be created with mode 0640. (~~MODPYTHON-173~~)
				Files Changed
				MODIFY /httpd/mod_python/trunk/lib/python/mod_python/Session.py

Repository	Revision	Date	User	Message
ASF	#416523	Fri Jun 23 00:25:29 UTC 2006	jgallacher	Backport of DbmSession file mode creation fix. (~~MODPYTHON-173~~)
				Files Changed
				MODIFY /httpd/mod_python/branches/3.2.x/lib/python/mod_python/Session.py

Repository	Revision	Date	User	Message
ASF	#416527	Fri Jun 23 00:29:23 UTC 2006	jgallacher	Updated changes section of docs. (~~MODPYTHON-173~~)
				Files Changed
				MODIFY /httpd/mod_python/trunk/Doc/appendixc.tex

Repository	Revision	Date	User	Message
ASF	#416529	Fri Jun 23 00:29:53 UTC 2006	jgallacher	Updated changes section of docs. (~~MODPYTHON-173~~)
				Files Changed
				MODIFY /httpd/mod_python/branches/3.2.x/Doc/appendixc.tex