DbmSession creates world readable db file
-----------------------------------------

         Key: MODPYTHON-173
         URL: http://issues.apache.org/jira/browse/MODPYTHON-173
     Project: mod_python
        Type: Bug

  Components: session  
    Versions: 3.2.8    
    Reporter: Jim Gallacher
 Assigned to: Jim Gallacher 
     Fix For: 3.2.x


DbmSession uses the default mode when creating the db file. As a result the 
file is world readable, which may be undesirable where sensitive informaiton is 
stored in the session. Currently the users are required to chmod the file 
manually. This can be fixed by using the option mode argument when the file is 
opened.

Quoting from the python anydbm documentation:

open(   filename[, flag[, mode]]

The optional mode argument is the Unix mode of the file, used only when the 
database has to be created. It defaults to octal 0666 (and will be modified by 
the prevailing umask).


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to