On Thursday, September 11, 2003, at 01:22 PM, Ken Jones wrote:
The issue about sql login being compiled in also brings up
another issue.. By putting the sql information into
a ~vpopmail/etc file it solves the issue as long as all
email domains are owned by vpopmail. If any domains
are under a non-vpopmail user, then the sql information
file needs to be readable by all. In that case I would
recomend not allowing shell access, and chrooting
ftp access to a users home directory.

This is an interesting point and I'd love to find a clean solution to this issue.

Are you saying that it's possible to run some of the vpopmail utilities as a user other than root or vpopmail? I figured that for the add/del/mod domain commands, you'd have to be root since they modify qmail control files. When running vchkpw on a system that uses cdb, it needs read access to the vpasswd file in the domain directory.

Can anyone think of other apps that have to deal with the issue of storing MySQL login information securely?

Tom Collins
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/

Reply via email to