HomeForumsBugs
 Database Security. Database Auditing. Database Caching. Database Masking. Get it now

Permissions on config file world-readable

Posted December 11th, 2009 by nmacgreg
in

One word of feedback - after a default install from RPM, the configuration files in /etc/greensql/ are marked with permissions 644, and since one contains the name of the database, the userid, and the password, it's important that they NOT be readable by everyone on the system. Permissions of 600 would be an appropriate default, I think.

I pulled down the latest RPM "greensql-fw-1.2.0-6.1.i386.rpm", installed it & configured it to work with my custom app in just a few minutes. Ran a crawler against my site & found almost zero performance impacts, and it didn't break anything. I'm impressed, great idea, good execution - congratulations!

‹ Feature: Have GreenSQL automatically remove / disable databases that have been dropped You had successfully bypassed GreenSQL protection. Please share your experience in the support forum. ›

Comments

Thank you for your feedback.

On December 11th, 2009 yuli says:

Thank you for your feedback. We will check this issue and will try to address it with the next application release.

We are working hard increasing GreenSQL possibilities as time passes, and we really appreciate such reviews and interest which validates out hard work.

If you have any idea how we can improve the product, please let us know and we'll add it to our development roadmap.

Thanks,
Yuli

Back to top