[DIRSTUDIO-971] connections.xml should not be globally-readable - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 2.0.0-M8 (2.0.0.v20130628)
Fix Version/s: None
Component/s: studio-connection
Labels:
None
Environment:
Linux

Description

Connection parameters are stored in the file connections.xml
This can include bind DNs and passwords, which are stored in clear text.
The file is globally-readable, exposing these passwords to great risk.
Another bug notes that encrypted storage would be better, but please at least set the file mode so that it can only be read by its owner.
The file is re-created every time a connection is edited, so changing the file mode by hand does not solve the problem. A possible workaround for Linux is:
chmod 700 ~/.ApacheDirectoryStudio

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Andrew Findlay

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 21/Jan/14 18:02

Updated:: 22/Jan/14 17:04