
Re: How to deal with #402010?



Hi,

On Friday 04 April 2008 09:18, Cajus Pollmeier wrote:
> to virtually any kind of web application accessing some kind of
> database/ldap passwords somewhere in the filesystem.

I don't consider a web application which is used to configure the LDAP database 
and FAI configuration (to install and configure all machines in the network) 
just like any other web application.

In this bug are several suggestions how to implement a way better mechanism to 
deal with the password than the current one.

Also I unarchived this bug, because I think the least you can and should do is 
to document this in the README.Debian. (This = don't allow public html dirs for 
users and leave safe mode on.)


regards,
	Holger

P.S.: regarding those four major ldap servers.. I think it would be a great 
start if it would be more secure with one of them :-)
