Project

General

Profile

Bug #3686

Skins configuration files need to be secured

Added by Shaun Walbridge about 11 years ago. Updated almost 11 years ago.

Status:
Resolved
Priority:
Normal
Category:
metacat
Target version:
Start date:
11/21/2008
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
3686

Description

Skins contain property files which contain sensitive information that shouldn't be exposed publicly. Both Perl and Tomcat need access in some form to these files to read skin properties, but direct access should be disallowed.

History

#1 Updated by Michael Daigle almost 11 years ago

We need to disallow web access. Apache deny rule?

#2 Updated by Michael Daigle almost 11 years ago

added security-constraint sections to web.xml to restrict web access to *.cfg and *.properties files.

#3 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 3686

Also available in: Atom PDF