Source: radicale
Version: 0.8-1
Severity: important
Control: found -1 0.8-2

Dear Debian folks,


Since version 0.8, Radicale has a database backend, and the password for
the database is specified in `/etc/radicale/config`.

  $ ls -lh /etc/radicale/config
  -rw-r--r-- 1 root root 4.0K May 17 22:35 /etc/radicale/config
  $ more /etc/radicale/config
  […]
  # Database URL for SQLAlchemy
  # dialect+driver://user:password@host/dbname[?key=value..]
  # For example: sqlite:///var/db/radicale.db,
  # postgresql://user:password@localhost/radicale
  # See http://docs.sqlalchemy.org/en/rel_0_8/core/engines.html#sqlalchemy.create_engine
  […]

Could you please make the file readable only by root, meaning `chmod
640`, so that not everybody can read the potentially added password in
cases where the admin forgot to change the permissions?


Thanks,

Paul

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.14-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
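
A check for the condition this report describes, as an added example that is not part of the original message or of the Radicale or Debian packaging code: it flags a config file that is both readable by "others" and holds an uncommented SQLAlchemy-style URL with an embedded password. The function names and return codes are this example's own conventions.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a config file for the
# exposure described above. Return codes are this script's own convention:
#   0 = no finding
#   1 = file is world-readable AND contains scheme://user:password@host
#   2 = file missing or not readable by the auditing user

# True if the "other" read bit is set. -L follows symlinks so the target's
# mode is checked. Parent directory permissions are not considered.
is_world_readable() {
    mode=$(ls -ldL -- "$1") || return 2
    case $mode in
        ???????r*) return 0 ;;   # 8th char of e.g. -rw-r--r-- is other-read
        *)         return 1 ;;
    esac
}

# True if an uncommented line carries credentials in a URL. The packaged
# comment examples (lines starting with # or ;) are ignored, and
# sqlite:///path URLs do not match because they have no user:password part.
has_db_password() {
    grep -Ev '^[[:space:]]*[#;]' "$1" |
        grep -Eq '://[^/:@[:space:]]+:[^@/[:space:]]+@'
}

audit_config() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    if is_world_readable "$1" && has_db_password "$1"; then
        echo "FINDING: $1 is world-readable and contains a database URL with a password"
        return 1
    fi
    return 0
}
```

Source the file and call `audit_config /etc/radicale/config`; a return code of 1 means the permissions should be tightened before the password is considered safe.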
