Re: Bug#402010: How to deal with #402010?
On Friday, 4 April 2008 11:50:42, Holger Levsen wrote:
> Hi,
>
> On Friday 04 April 2008 09:18, Cajus Pollmeier wrote:
> > to virtually any kind of web application accessing some kind of
> > database/ldap passwords somewhere in the filesystem.
>
> I don't consider a web application which is used to configure the LDAP
> database and FAI configuration (to install and configure all machines in
> the network) just like any other web application.
>
> In this bug are several suggestions how to implement a way better mechanism
> to deal with the password than the current one.

If you read the comments, you'll see that it is not possible to use these
suggestions. Besides maybe the last one, but there's no proper
infrastructure in Debian to use it directly.

> Also I unarchived this bug, because I think the least you can and should do
> is to document this in the README.Debian. (This=don't allow public html dirs
> for users and leave safe mode on.)

As said - I'm not responsible for the webserver setup of other people. Sure, I
can put it inside the README and close this bug - waiting until the next one
comes around and urges me to do something about it again. Ah wait, I can just
orphan the gosa packages.

> P.S.: regarding those four major ldap servers.. I think it would be a great
> start if it would be more secure with one of them :-)

You're welcome. Send patches.

Cheers,
Cajus