Bug #3686
Skins configuration files need to be secured
Start date: 11/21/2008
Due date:
% Done: 0%
Estimated time:
Bugzilla-Id: 3686
Description
Skins contain property files which contain sensitive information that shouldn't be exposed publicly. Both Perl and Tomcat need access in some form to these files to read skin properties, but direct access should be disallowed.
History
#1 Updated by Michael Daigle about 12 years ago
We need to disallow web access. Apache deny rule?
#2 Updated by Michael Daigle about 12 years ago
Added security-constraint sections to web.xml to restrict web access to *.cfg and *.properties files.
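One way to check that a web.xml carries the kind of deny rule described in comment #2, as an added example that is not part of the original ticket or the project's code. The web.xml fragment is constructed and the helper names (`denied_patterns`, `unprotected`) are hypothetical; the check relies on Servlet-spec semantics, where an `auth-constraint` with no roles denies every caller and a constraint that lists HTTP methods leaves the other methods uncovered.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment (assumption: not the project's actual file).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Skin configuration</web-resource-name>
      <url-pattern>*.cfg</url-pattern>
      <url-pattern>*.properties</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip the XML namespace so any web.xml schema version matches."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def denied_patterns(web_xml):
    """Return the url-patterns that are blocked for every HTTP method."""
    denied = set()
    root = ET.fromstring(web_xml)
    for sc in children(root, "security-constraint"):
        auth = children(sc, "auth-constraint")
        # Only an auth-constraint with no role-name denies all callers;
        # a missing auth-constraint means the resource is open.
        if not auth or any(children(a, "role-name") for a in auth):
            continue
        for wrc in children(sc, "web-resource-collection"):
            # Listing (or omitting) methods leaves some methods unconstrained.
            if children(wrc, "http-method") or children(wrc, "http-method-omission"):
                continue
            denied.update((p.text or "").strip()
                          for p in children(wrc, "url-pattern"))
    return denied

def unprotected(web_xml, required=("*.cfg", "*.properties")):
    """Return the required patterns that are not fully denied."""
    return sorted(set(required) - denied_patterns(web_xml))

if __name__ == "__main__":
    print(unprotected(SAMPLE_WEB_XML) or "all required patterns are denied")
```

Constraints in web.xml apply only to requests the servlet container handles; paths served directly by Apache are not covered by them.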
#3 Updated by Redmine Admin almost 8 years ago
Original Bugzilla ID was 3686