Details
-
Improvement
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
0.7.0
-
None
Description
credentials.json and interpreter.json are created with default group-readable and world-readable permissions.
Both files can store passwords.
interpreter.json can store passwords, for example, if we have a custom repository - it'll be stored there clear text.
credentials.json obviously store passwords too
Please change default file permissions for credentials.json and interpreter.json to 0600.
Other users should not see clear text passwords.