I know, but why doesn't the default behaviour do that? I guess there are a LOT of servers out there with that file in the open...

b.

On Friday 12 May 2006 16:30, robert lazarski wrote:
> Try:
>
> chmod 600 /var/lib/tomcat4/webapps/axis2/WEB-INF/conf/axis2.xml
>
> That'll make the file read / writable by only the owner. Other accounts
> won't be able to access it.
>
> To make it read-only by only the owner:
>
> chmod 400 /var/lib/tomcat4/webapps/axis2/WEB-INF/conf/axis2.xml
>
> HTH,
> Robert
> http://www.braziloutsource.com/
>
> On 5/12/06, Bram Biesbrouck <[EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> > When I deploy axis2.war in Tomcat, the file
> >
> > /var/lib/tomcat4/webapps/axis2/WEB-INF/conf/axis2.xml
> > (where the admin-pass is stored)
> >
> > is readable by all users on the system.
> > I'm using Debian sarge (stable).
> >
> > Am I missing something or is this a serious security issue?
> >
> > Bram
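The permission check and the `chmod 600` fix discussed in this thread, as an added example that is not part of the original messages. It assumes GNU `stat` (Linux), and the service account name `tomcat4` is an assumption, as is the script name in the usage comment.

```shell
#!/bin/sh
# Added example: audit (and optionally tighten) the mode of axis2.xml.
# GNU stat syntax is assumed; "tomcat4" as service account is an assumption.

# Print the file's octal mode, e.g. 644.
conf_mode() {
    stat -c '%a' "$1"
}

# Return 0 when neither group nor other has any permission bit set.
is_private() {
    m=$(conf_mode "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Return 0 when the file is owned by the named account.
owned_by() {
    [ "$(stat -c '%U' "$1")" = "$2" ]
}

# audit_conf FILE ACCOUNT
# 0 = private (or fixed), 1 = exposed, 2 = missing, 3 = wrong owner, 4 = chmod failed
audit_conf() {
    f=$1; svc=$2
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    # chmod 600 only helps if the owner is the account the container runs as;
    # otherwise the service itself can no longer read its configuration.
    if ! owned_by "$f" "$svc"; then
        echo "WARN: $f is not owned by $svc, fix ownership first" >&2
        return 3
    fi
    if is_private "$f"; then
        echo "OK: $f mode $(conf_mode "$f")"
        return 0
    fi
    echo "EXPOSED: $f mode $(conf_mode "$f") grants group/other access"
    [ "${FIX:-0}" = 1 ] || return 1
    chmod 600 "$f" || return 4
    echo "fixed: $f mode $(conf_mode "$f")"
}

# Run only when a path is given, e.g.:
#   FIX=1 sh audit.sh /var/lib/tomcat4/webapps/axis2/WEB-INF/conf/axis2.xml tomcat4
if [ "$#" -ge 1 ]; then
    audit_conf "$1" "${2:-tomcat4}"
fi
```

Without `FIX=1` the script only reports, so it can be run first to see the current state before changing anything.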
