Bug #3686: Skins configuration files need to be secured - Metacat - Ecoinformatics Redmine

Actions

Copy link

Bug #3686

closed

Skins configuration files need to be secured

Added by Shaun Walbridge over 15 years ago. Updated over 15 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Michael Daigle

Category:

metacat

Target version:

1.9

Start date:

11/21/2008

Due date:

% Done:

Estimated time:

Bugzilla-Id:

3686

Description

Skins contain property files which contain sensitive information that shouldn't be exposed publicly. Both Perl and Tomcat need access in some form to these files to read skin properties, but direct access should be disallowed.

History
Notes

Actions

Copy link

Updated by Michael Daigle over 15 years ago

We need to disallow web access. Apache deny rule?

Actions

Copy link

Updated by Michael Daigle over 15 years ago

added security-constraint sections to web.xml to restrict web access to *.cfg and *.properties files.

Actions

Copy link

Updated by Redmine Admin about 11 years ago

Original Bugzilla ID was 3686

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Metacat

Custom queries

Bug #3686

Skins configuration files need to be secured

Updated by Michael Daigle over 15 years ago

Updated by Michael Daigle over 15 years ago

Updated by Redmine Admin about 11 years ago