Re: Passwords in binaries

Gabriel Ambuehl Mon, 01 Oct 2001 06:25:43 -0700

-----BEGIN PGP SIGNED MESSAGE-----

Hello Doug,


Monday, October 01, 2001, 3:48:20 PM, you wrote:

> Hi,

>         I've been looking into using MySQL instead of CDB for
> VPopMail, but I noticed that the MySQL username and password were
> stored in the
> binaries.  This is a significant problem for me, since any user
> could do `strings vchkpw` and find the username/password to connect
> to MySQL.  

Have a look at
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=212036



>         I realize that I can setup a username/password that only
> has access to the VPopMail data, but even that is too much access,
> IMHO.
>         Are there plans to store this information in a config file
> that can be set to only be read by the VPopMail user/group?


What does this get you over the alternative of having chmod 100 on
the vpopmail files?





Best regards,
 Gabriel


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i

iQEVAwUBO7hok8Za2WpymlDxAQGkhAgAnzes7GNG0Z5rOVMzh47PBF4DM1LkBgeI
Z9FNy5k/YU66pqMLxt+RKAJUkGC6GGg1cENuM9IFdzRc/qaSyX2SfwIPgoghWLIp
eeMcxR6MwQ3GbwdNvy8fVzblr4yLR1mPkNJZFiRI6Ep5/JXbYzNsHcJ9yjSKP2UN
AOdNoYw5cbo2yW1QHMBkBhQ7YbisJwMwj7du9a1c7tyEB92qsnBiRQG2eXWzZx3p
oQ33W819V1cJEV8qGJx3/X1ZL3YGd0MNxZE/jbHRhLUp2q1DxGJh9E9TZrfpwlp8
+6IKEzVyX5flTnFPVQr8Je2qh8ywYU1/rzjOsAKsKsvjak3EW4D5SA==
=ocAl
-----END PGP SIGNATURE-----

Re: Passwords in binaries

Reply via email to