Question on security facilities and security reviews

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Question on security facilities and security reviews

Shawn Y.
Hello,

1. Should there be some protection on the conf files that containing plaintext passwords?  Such as /etc/vsm/vsm.conf, /etc/vsmdeploy/deployrc, etc.  The access right for them is 644 now.

2. Beyond question 1, do you have any plan on security vulnerabilities check-up, such as HTTP, XML, and SQL injection; penetration tests, etc?

Thank you very much!

 
Reply | Threaded
Open this post in threaded view
|

RE: Question on security facilities and security reviews

ywang19
Administrator

For question 1, no, but changing the access right from 644 to 400 should prevent from access other than root. For question 2, no plan on security vulnerabilities check-up so far, and I’d like if anyone can help on this area.

 

 

-yaguang

 

From: Shawn Y. [via vsm-discuss] [mailto:ml-node+[hidden email]]
Sent: Saturday, December 12, 2015 2:10 AM
To: Wang, Yaguang
Subject: Question on security facilities and security reviews

 

Hello,

1. Should there be some protection on the conf files that containing plaintext passwords?  Such as /etc/vsm/vsm.conf, /etc/vsmdeploy/deployrc, etc.  The access right for them is 644 now.

2. Beyond question 1, do you have any plan on security vulnerabilities check-up, such as HTTP, XML, and SQL injection; penetration tests, etc?

Thank you very much!

 


If you reply to this email, your message will be added to the discussion below:

http://vsm-discuss.33411.n7.nabble.com/Question-on-security-facilities-and-security-reviews-tp285.html

To start a new topic under vsm-discuss, email [hidden email]
To unsubscribe from vsm-discuss, click here.
NAML