https://issues.apache.org/bugzilla/show_bug.cgi?id=47507
Summary: tomcat-users.xml is rewritten and made world-readable on startup (!) Product: Tomcat 5 Version: 5.5.23 Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: dev@tomcat.apache.org ReportedBy: tutu...@gmail.com The file tomcat-users.xml, which may/does contain password information, is made world-readable on startup, perhaps as a side effect of being rewritten. The rewriting itself seems like a bug (why is this being done?), but chmod'ing the file to be world-readable is a serious security problem. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org