You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The acme-dns database contains sensitive information such as API keys, and should not be readable by other Linux users by default. However, when I run acme-dns it creates the acme-dns.db file with its permission bits set to 644.
The text was updated successfully, but these errors were encountered:
Worth noting this issue is somewhat mitigated by the fact that the API keys are randomly generated, 40 characters long, and hashed with Bcrypt, so a database leak is very unlikely to result in usable credentials for an attacker.
The acme-dns database contains sensitive information such as API keys, and should not be readable by other Linux users by default. However, when I run acme-dns it creates the
acme-dns.db
file with its permission bits set to 644.The text was updated successfully, but these errors were encountered: