You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thank you for your issue! As the data folder has the permission 700, it is not a serious security risk for now, as the data in the folder with permissions 644 is still unreadable for unauthorised users. I will change that with the next commit.
./data/filestorage.db/meta.json is created by a library, I would rather not change the permission manually, as is having the executable bit is not really a big concern.
I will change the ssl certificate permissions however.
Environment
gokapi
Files with insecure permissions
./config/ssl.crt
./config/ssl.key
./data/filestorage.db/meta.json
Also, suggestion to set more secure permissions on log and uploaded content
./data/log.txt
as well uploaded blobs (filenames as hashes) should have permissions 600 instead of 644
The text was updated successfully, but these errors were encountered: