Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Config file app.ini is 644 #5959

Closed
2 of 7 tasks
marcvs opened this issue Feb 4, 2019 · 0 comments · Fixed by #16266
Closed
2 of 7 tasks

Config file app.ini is 644 #5959

marcvs opened this issue Feb 4, 2019 · 0 comments · Fixed by #16266
Labels
topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/proposal The new feature has not been accepted yet but needs to be discussed first.
Milestone
1.15.0

Comments

@marcvs
Copy link

marcvs commented Feb 4, 2019
edited
Loading

  • Gitea version (or commit ref): 1.7.1
  • Operating system: debian/buster
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

I created a config from the standalone binary. Very nice!

Just: I've provided the smtp password for sending emails and I find this unencryped password in the app.ini config file.

Please chmod 600 this file!
@lunny lunny added the type/proposal The new feature has not been accepted yet but needs to be discussed first. label Feb 7, 2019
@6543 6543 added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Jun 23, 2021
@6543 6543 added this to the 1.15.0 milestone Jun 23, 2021
@justusbunsi justusbunsi mentioned this issue Jun 27, 2021
Merged
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/proposal The new feature has not been accepted yet but needs to be discussed first.
Projects
None yet
Milestone
1.15.0
Development

Successfully merging a pull request may close this issue.

Make app.ini permissions more restrictive justusbunsi/gitea
3 participants
@lunny @marcvs @6543