[
https://issues.apache.org/jira/browse/DIRSTUDIO-971?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13877704#comment-13877704
]
Kiran Ayyagari commented on DIRSTUDIO-971:
------------------------------------------
Studio already offers a secure storage feature, but not enabled by default.
> connections.xml should not be globally-readable
> -----------------------------------------------
>
> Key: DIRSTUDIO-971
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-971
> Project: Directory Studio
> Issue Type: Bug
> Components: studio-connection
> Affects Versions: 2.0.0-M8 (2.0.0.v20130628)
> Environment: Linux
> Reporter: Andrew Findlay
>
> Connection parameters are stored in the file connections.xml
> This can include bind DNs and passwords, which are stored in clear text.
> The file is globally-readable, exposing these passwords to great risk.
> Another bug notes that encrypted storage would be better, but please at least
> set the file mode so that it can only be read by its owner.
> The file is re-created every time a connection is edited, so changing the
> file mode by hand does not solve the problem. A possible workaround for Linux
> is:
> chmod 700 ~/.ApacheDirectoryStudio
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
