[imp] Password disclosure

Chuck Hagenbuch
chuck@horde.org
Mon, 26 Nov 2001 23:46:58 -0500

Quoting Lars Hecking <lhecking@nmrc.ucc.ie>:
>  imp 3.0-rc2 leaves tons of files with names like
> 
>   sess_7992dce8b32fab7400409226f3bef63d
> 
>  behind in /tmp. These files are chmod 0600 and owned by the user id that
>  runs httpd.
> 
>  These files contain session details, among them the user passwords
>  in cleartext!

I implemented use of the Secret class for Horde credentials today on the plane
on my laptop. I'll commit it tomorrow.

-chuck
--
Charles Hagenbuch, <chuck@horde.org>
"What was and what may be, lie, like children whose faces we cannot see, in the
arms of silence. All we ever have is here, now." - Ursula K. Le Guin
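
The mitigation this thread points to, keeping the password out of the session file in cleartext, as an added example that is not Horde's Secret class and not code from either poster: the credential is encrypted before it is placed in `$_SESSION`, and the key is held only in a browser cookie. The cookie name `cred_key`, the session key `credential` and the function names are assumptions; it needs PHP 7.3+ with the sodium extension.

```php
<?php
// Added example (hypothetical names throughout): only ciphertext reaches the
// sess_* file on disk; the key lives in a client cookie, not in the session store.

const KEY_COOKIE = 'cred_key'; // assumed cookie name

function credentialKey(): string
{
    $key = base64_decode($_COOKIE[KEY_COOKIE] ?? '', true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        // No usable key yet: create one and hand it to the browser only.
        $key = sodium_crypto_secretbox_keygen();
        setcookie(KEY_COOKIE, base64_encode($key), [
            'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Strict',
        ]);
        $_COOKIE[KEY_COOKIE] = base64_encode($key); // visible to this request too
    }
    return $key;
}

function storeCredential(string $password): void
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($password, $nonce, credentialKey());
    $_SESSION['credential'] = base64_encode($nonce . $box);
}

function loadCredential(): ?string
{
    $raw = base64_decode($_SESSION['credential'] ?? '', true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null; // nothing stored, or the value was truncated
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, credentialKey());
    return $plain === false ? null : $plain; // wrong key or tampered file
}

session_start();
storeCredential('constructed-sample-password'); // constructed sample value
// The session file now holds base64 ciphertext under 'credential'.
// loadCredential() returns the password only while the key cookie is presented.
```

Someone who can read the `sess_*` files but not the cookie sees only ciphertext; someone who can capture both can still decrypt, so restrictive permissions on the session directory remain necessary.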