DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=33163>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=33163 Summary: Default slide installation exposes all passwords Product: Slide Version: Nightly Platform: PC OS/Version: Linux Status: NEW Severity: critical Priority: P1 Component: Security AssignedTo: slide-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] The default installation of slide allows any logged-in user to view the passwords of all users by examining the properties of /users/xxx. I think someone needs to go through the initial data set of Slide and make sure it's more secure, setting the minimal permissions on each folder for the product to work. I know it's just a sample but showing the password in this way is still bad - some people might use the initial data set to build their own structure on. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]