After a new installation of Dolibarr via Dolideb the configuration file /etc/dolibarr/conf.php is user readable. Since this file also has the password for the database in plaintext, this issue forms a security hazard.
See the contents of the /etc/dolibarr directory on my machine.
user@thinktop2:/etc/dolibarr$ ls -l
total 12
-rw-rw-r-- 1 root www-data 1702 Feb 1 12:59 conf.php
-rw-rw---- 1 root www-data 1840 Feb 1 12:39 install.forced.php
-rw-r--r-- 1 root root 1875 May 12 2015 install.forced.php.install
user@thinktop2:/etc/dolibarr$
I use Dolibarr 13.0.0-4 on Debian Bullseye.
I would suggest changing the permissions for this file to 0660.
jhaand changed the title from "Default /etc/dolibarr/conf.php from dolidebb is user readable" to "Default /etc/dolibarr/conf.php from Dolideb is user readable" on Feb 1, 2021
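The permission check and the 0660 change discussed in the report, as an added example that is not part of the original issue or of the Dolibarr/Dolideb packaging. The function names `is_exposed` and `audit_conf` are hypothetical, and the script assumes `stat -c` as shipped on Debian.

```shell
#!/bin/sh
# Added example: detect config files that grant access to "other" and
# optionally tighten them to 0660 (the mode suggested in the issue).
# Assumption: GNU/busybox `stat -c` is available, as on Debian.

# is_exposed FILE: succeed if the last octal digit of FILE's mode is
# non-zero, e.g. 664 (-rw-rw-r--). The caller checks that FILE exists.
is_exposed() {
    case "$(stat -c '%a' "$1")" in
        *[1-7]) return 0 ;;
        *)      return 1 ;;
    esac
}

# audit_conf [--fix] FILE...: report each file's state. With --fix, exposed
# files are set to 0660; owner and group are left unchanged.
# Returns 1 if any file is still exposed afterwards, 0 otherwise.
audit_conf() {
    fix=0
    rc=0
    if [ "$1" = "--fix" ]; then fix=1; shift; fi
    for f in "$@"; do
        [ -f "$f" ] || { echo "SKIP    $f (not a regular file)"; continue; }
        if is_exposed "$f"; then
            if [ "$fix" -eq 1 ] && chmod 0660 "$f"; then
                echo "FIXED   $f -> $(stat -c '%a %U:%G' "$f")"
            else
                echo "EXPOSED $f $(stat -c '%a %U:%G' "$f")"
                rc=1
            fi
        else
            echo "OK      $f $(stat -c '%a %U:%G' "$f")"
        fi
    done
    return "$rc"
}

# Usage on the system from the issue (run as root for --fix):
#   audit_conf /etc/dolibarr/conf.php /etc/dolibarr/install.forced.php
#   audit_conf --fix /etc/dolibarr/conf.php
```

Because 0660 still grants read access to the file's group, the result is only as tight as the membership of that group (`www-data` in the listing above).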