Browse Source

- Add note to conf.pl / config_default.php to warn users that set
sensitive passwords in that file to properly secure it.

Thijs Kinkhorst 19 years ago
parent
commit
81512e1384
3 changed files with 28 additions and 7 deletions
  1. ChangeLog (+2 -0)
  2. config/conf.pl (+14 -6)
  3. config/config_default.php (+12 -1)

+ 2 - 0
ChangeLog

@@ -78,6 +78,8 @@ Version 1.5.2 - CVS
     html output code. If third party code displays errors from address
     html output code. If third party code displays errors from address
     book object in html, errors must be sanitized and ASCII line feeds
     book object in html, errors must be sanitized and ASCII line feeds
     should be converted to html line breaks.
     should be converted to html line breaks.
+  - Add note to conf.pl / config_default.php to warn users that set
+    sensitive passwords in that file to properly secure it.
 
 
 Version 1.5.1 (branched on 2006-02-12)
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
 --------------------------------------
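Review bot: the ChangeLog entry says "properly secure it" without naming what that means or which settings are affected; since the conf.pl and config_default.php hunks in this same commit add the warning to the LDAP server dialog and to the three DSN prompts ($addrbook_dsn, $prefs_dsn, $addrbook_global_dsn), consider naming those here (e.g. "LDAP bind and DSN passwords") and stating the intended protection (file not readable by other system users) so an admin reading the ChangeLog knows what to check.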

+ 14 - 6
config/conf.pl

@@ -2896,6 +2896,8 @@ sub command_fontsets {
 
 
 sub command61 {
 sub command61 {
     print "You can now define different LDAP servers.\n";
     print "You can now define different LDAP servers.\n";
+    print "Please ensure proper permissions for config.php when including\n";
+    print "sensitive passwords.\n\n";
     print "[ldap] command (?=help) > ";
     print "[ldap] command (?=help) > ";
     $input = <STDIN>;
     $input = <STDIN>;
     $input =~ s/[\r\n]//g;
     $input =~ s/[\r\n]//g;
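Review bot: the new two-line warning in command61 is printed on every entry to the [ldap] menu, before the user has chosen to add a server or enter a bind password, and "proper permissions" is not defined; consider printing it at the point the password is actually requested, and spell out the requirement (config.php readable by the webserver process but not by other users). Since conf.pl writes config.php itself, it could also check the file's mode after saving and warn only when the file is world-readable and contains a password, rather than unconditionally.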
@@ -3313,9 +3315,11 @@ sub command91 {
     print "you need to set this DSN to a valid value. The format for this is:\n";
     print "you need to set this DSN to a valid value. The format for this is:\n";
     print "mysql://user:pass\@hostname/dbname\n";
     print "mysql://user:pass\@hostname/dbname\n";
     print "Where mysql can be one of the databases PHP supports, the most common\n";
     print "Where mysql can be one of the databases PHP supports, the most common\n";
-    print "of these are mysql, msql and pgsql\n";
+    print "of these are mysql, msql and pgsql.\n";
+    print "Please ensure proper permissions for config.php when including\n";
+    print "sensitive passwords.\n\n";
     print "If the DSN is left empty (hit space and then return) the database\n";
     print "If the DSN is left empty (hit space and then return) the database\n";
-    print "related code for address books will not be used\n";
+    print "related code for address books will not be used.\n";
     print "\n";
     print "\n";
 
 
     if ( $addrbook_dsn eq "" ) {
     if ( $addrbook_dsn eq "" ) {
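Review bot: the two added lines `print "Please ensure proper permissions for config.php when including\n"; print "sensitive passwords.\n\n";` are pasted verbatim into command91, command93 and command98 (and the LDAP dialog above); factor them into a small helper sub (e.g. one that prints the warning) so future wording or permission guidance changes happen in one place. The punctuation fixes to the surrounding lines are fine.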
@@ -3353,9 +3357,11 @@ sub command93 {
     print "you need to set this DSN to a valid value. The format for this is:\n";
     print "you need to set this DSN to a valid value. The format for this is:\n";
     print "mysql://user:pass\@hostname/dbname\n";
     print "mysql://user:pass\@hostname/dbname\n";
     print "Where mysql can be one of the databases PHP supports, the most common\n";
     print "Where mysql can be one of the databases PHP supports, the most common\n";
-    print "of these are mysql, msql and pgsql\n";
+    print "of these are mysql, msql and pgsql.\n";
+    print "Please ensure proper permissions for config.php when including\n";
+    print "sensitive passwords.\n\n";
     print "If the DSN is left empty (hit space and then return) the database\n";
     print "If the DSN is left empty (hit space and then return) the database\n";
-    print "related code for address books will not be used\n";
+    print "related code for address books will not be used.\n";
     print "\n";
     print "\n";
 
 
     if ( $prefs_dsn eq "" ) {
     if ( $prefs_dsn eq "" ) {
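Review bot: command93 configures $prefs_dsn (see the `if ( $prefs_dsn eq "" )` context), but the retained/edited line still reads "related code for address books will not be used." which is the command91 address-book text copied over; since this hunk already touches that line to add the full stop, fix the wording to refer to preferences (e.g. "related code for preferences will not be used.") in the same change.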
@@ -3456,9 +3462,11 @@ sub command98 {
     print "you need to set this DSN to a valid value. The format for this is:\n";
     print "you need to set this DSN to a valid value. The format for this is:\n";
     print "mysql://user:pass\@hostname/dbname\n";
     print "mysql://user:pass\@hostname/dbname\n";
     print "Where mysql can be one of the databases PHP supports, the most common\n";
     print "Where mysql can be one of the databases PHP supports, the most common\n";
-    print "of these are mysql, msql and pgsql\n";
+    print "of these are mysql, msql and pgsql.\n";
+    print "Please ensure proper permissions for config.php when including\n";
+    print "sensitive passwords.\n\n";
     print "If the DSN is left empty (hit space and then return) the database\n";
     print "If the DSN is left empty (hit space and then return) the database\n";
-    print "related code for global SQL address book will not be used\n";
+    print "related code for global SQL address book will not be used.\n";
     print "\n";
     print "\n";
 
 
     if ( $addrbook_global_dsn eq "" ) {
     if ( $addrbook_global_dsn eq "" ) {
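Review bot: third copy of the identical warning text; besides the duplication, the warning is positioned after the DSN format line `mysql://user:pass\@hostname/dbname`, which is where the password actually ends up, so the helper that prints it could also remind the user that the password is stored in cleartext inside the DSN string in config.php, not just that the file needs restricted permissions.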

+ 12 - 1
config/config_default.php

@@ -10,6 +10,11 @@
  * conf.pl if at all possible.  That is the easiest and cleanest way
  * conf.pl if at all possible.  That is the easiest and cleanest way
  * to configure.
  * to configure.
  *
  *
+ * Note on SECURITY: some options require putting a password in this file.
+ * Please make sure that you adapt its permissions appropriately to avoid
+ * passwords being leaked to e.g. other system users. Take extra care when
+ * the webserver is shared with untrusted users.
+ *
  * @copyright &copy; 2000-2006 The SquirrelMail Project Team
  * @copyright &copy; 2000-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @version $Id$
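Review bot: "adapt its permissions appropriately" gives the admin nothing concrete to act on; suggest stating a target, e.g. owner root, group the webserver runs as, mode 0640 (readable by the webserver, not by other local users), and note that this file is the template while the live copy written by conf.pl is config/config.php, which is the file whose permissions actually matter. The point about shared webservers is good; it may be worth adding that on such hosts any other vhost running as the same webserver user can still read the file regardless of mode.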
@@ -873,6 +878,9 @@ $fontsets['tahoma'] = 'tahoma,sans-serif';
  *       'name' => 'Netcenter Member Directory',
  *       'name' => 'Netcenter Member Directory',
  *       'base' => 'ou=member_directory,o=netcenter.com'
  *       'base' => 'ou=member_directory,o=netcenter.com'
  *   );
  *   );
+ *
+ *   NOTE: please see security note at the top of this file when
+ *   entering a password.
  */
  */
 // Add your ldap server options here
 // Add your ldap server options here
 
 
@@ -943,6 +951,9 @@ $motd = "";
  *   The DSN is in the format: mysql://user:pass@hostname/dbname
  *   The DSN is in the format: mysql://user:pass@hostname/dbname
  *   The table is the name of the table to use within the
  *   The table is the name of the table to use within the
  *   specified database.
  *   specified database.
+ *
+ *   NOTE: please see security note at the top of this file when
+ *   entering a password.
  */
  */
 $addrbook_dsn = '';
 $addrbook_dsn = '';
 $addrbook_table = 'address';
 $addrbook_table = 'address';
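Review bot: the NOTE is added only to the $addrbook_dsn block, yet the conf.pl hunks in this commit add the same warning to the prompts for $prefs_dsn (command93) and $addrbook_global_dsn (command98), which use the identical `user:pass@hostname` DSN format; add the same NOTE to those two blocks in config_default.php so the documentation matches the conf.pl dialogs.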
@@ -1179,4 +1190,4 @@ $config_use_color = 2;
  * sent and regular output to begin, which will majorly screw
  * sent and regular output to begin, which will majorly screw
  * things up when we try to send more headers later.
  * things up when we try to send more headers later.
  */
  */
-?>
+?>
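Review bot: the `-?>` / `+?>` lines differ only in invisible trailing whitespace or newline, which is an unrelated change in a documentation commit; given that the comment directly above warns that any output emitted before headers are sent breaks later header sending, the safer fix is to drop the closing `?>` tag entirely (PHP permits omitting it in pure-PHP files), which removes the possibility of stray trailing newlines being sent as output.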