lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: michael at puffin.tamucc.edu (michael williamson) Subject: Temporary Files and Web Sites (swp, ~, etc) Here's another thing: Don't put your db usernames/passwords in any file that is accessable from the web. (the don't have to be) If some other bonehead admin happens to replace your http.conf with a generic one, you don't want all your blocked files showing up automagically. Secondly, be aware that if you've got embedded usernames/passwords for db access on your system, they are generally not safe from other users of the system. -Michael
Powered by blists - more mailing lists