On 2/27/07, Lionel Porcheron <[EMAIL PROTECTED]> wrote:
The file which contains user passwords (/var/lib/ejabberd/passwd.DCD) is world readable and even if this file is a binary file, having a shell account on the ejabberd server permit to find password (passwords are clear in the file).
There is a bug in postinstall script. If directory /var/lib/ejabberd does exist when ejabberd is being installed then its permissions aren't overwritten. As a workaround, simply change /var/lib/ejabberd permissions to 700. Thanks for report! -- Sergei Golovan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

