Project

General

Profile

Actions

Bug #3686

closed

Skins configuration files need to be secured

Added by Shaun Walbridge about 16 years ago. Updated almost 16 years ago.

Status:
Resolved
Priority:
Normal
Category:
metacat
Target version:
Start date:
11/21/2008
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
3686

Description

Skins contain property files which contain sensitive information that shouldn't be exposed publicly. Both Perl and Tomcat need access in some form to these files to read skin properties, but direct access should be disallowed.

Actions #1

Updated by Michael Daigle almost 16 years ago

We need to disallow web access. Apache deny rule?

Actions #2

Updated by Michael Daigle almost 16 years ago

added security-constraint sections to web.xml to restrict web access to *.cfg and *.properties files.

Actions #3

Updated by Redmine Admin over 11 years ago

Original Bugzilla ID was 3686

Actions

Also available in: Atom PDF