I have installed DBMAN on a webserver running SunOS 5.6. Everything is running fine, but there's a huge security leak as far as I can see. When accessing
<dbdir>/default.cfg
the file is sent back to the client providing information about the database filename etc. Same thing is then true for the database file, it is simply sent back to everybody when requested! I have set the permissions as described in the README file.
664 on the default.cfg
666 on the default.db
I have tried changing the permission for the config file to 660, but then DBMAN cannot locate it any more.
I do not have a cgi-bin (or any other script-alias) directory, so unfortunately I cannot use that as a work-around.
I would welcome any suggestions on how to solve this problem! Thank you in advance!
(For obvious reasons I do not include a link to the database here.)
Happy Easter from Germany!
Joerg.