Hi, On Friday 04 April 2008 09:18, Cajus Pollmeier wrote: > to virtually any kind of web application accessing some kind of > database/ldap passwords somewhere in the filesystem.
I dont consider a web application which is used to configure the LDAP database
and FAI configuration (to install and configure all machines in the network)
just like any other web application.
In this bug are several suggestions how to implement a way better mechanism to
deal with the password then the current one.
Also I unarchived this bug, because I think the least you can and should do is
to document this in the README.Debian. (This=dont allow public html dirs for
users and leave safe mode on.)
regards,
Holger
P.S.: regarding those four major ldap servers.. I think it would be a great
start if it would be more secure with one of them :-)
pgpb3xTTNqVZz.pgp
Description: PGP signature
