Christian Perrier wrote:
> Quoting Suresh Chandrasekharan ([EMAIL PROTECTED]):
>
>   
>> One concern that I heard in the #pootle channel is that the ability to do
>> this will compromise system security (in case the Pootle system is shared
>> by different admins who are hostile to each other) by somebody who will try
>> out different path combinations and get access to secret po files which he
>> is not authorized to read... Would like to get feedback regarding this.
>>     
>
> Isn't this a concern only when people are running Pootle as root?
>
> When running Pootle as a non privileged user, these "secret" files
> will remain protected (unless of course they're world-readable....).
>
>
>   
Sure, I thought people were concerned with the fact that this will allow
admins to wildly explore and will expose .po files in directories which are
world readable but they don't have any other way of accessing. Just think of
this as someone randomly trying some paths and hitting upon something which
they should not see.

You're right that this won't hurt a system with proper permissions, but will
further weaken ones which are already compromised.

Not sure this is an issue...
> -------------------------------------------------------------------------
> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
> Studies have shown that voting for your favorite open source project,
> along with a healthy diet, reduces your potential for chronic lameness
> and boredom. Vote Now at http://www.sourceforge.net/community/cca08
> _______________________________________________
> Translate-pootle mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/translate-pootle
>   


