View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004008 | Composr | [All Projects] General / Uncategorised | public | 2019-12-15 02:17 | 2019-12-15 02:17 |
Reporter | Chris Graham | Assigned To | Chris Graham | ||
Severity | Security-hole | ||||
Status | resolved | Resolution | fixed | ||
Product Version | 10.0.28 | ||||
Fixed in Version | |||||
Summary | 0004008: Backups should be given reduced privileges | ||||
Description | Backup files will contain database passwords, and therefore should not be given world-readable permissions. That said, if you have a webserver and there are potentially malicious users on it that can access files between one site and another, you have bigger problems - you should protect yourself with tools like open_basedir, jailshell, or preferably not using shared servers. | ||||
Fixed in git commit 314d9ed21 (https://gitlab.com/composr-foundation/composr/commit/314d9ed21 - link will become active once code pushed to GitLab)

A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported.

Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/).

hotfix-4008, 2019-12-15 2am.tar (188,928 bytes)

Date Modified | Username | Field | Change |
---|---|---|---|
2023-02-26 18:29 | Chris Graham | Category | General => General / Uncategorised |
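
The permission problem described in this issue, as an added shell example (not Composr's code and not the fix in commit 314d9ed21): it lists backup files that group or other can access, strips that access, and creates new archives under a restrictive umask so they are never briefly world-readable. The function names and directory arguments are assumptions; pass the directory your site actually writes backups to.

```shell
#!/bin/sh
# Added example. Directory arguments are placeholders, not Composr paths.

# Print backup files that group or other can read, write or execute.
exposed_backups() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of exposed files under the directory.
count_exposed() {
    exposed_backups "$1" | wc -l | tr -d ' '
}

# Remove group/other access from existing backups and from the directory.
harden_backups() {
    find "$1" -type f -exec chmod go-rwx {} +
    chmod 700 "$1"
}

# Create a new archive of SRC at OUT with owner-only permissions from the
# moment the file exists. Refuses to reuse an existing file, because tar
# would keep that file's old (possibly loose) mode.
make_backup() {
    src=$1 out=$2
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 1
    fi
    ( umask 077 && tar -cf "$out" -C "$src" . )
}
```

Setting the umask before the archive is written matters more than a later `chmod`: a file created with default permissions is readable by other accounts until the `chmod` runs.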