Skip to content

Config file app.ini is 644 #5959

Closed
@marcvs

Description

@marcvs
  • Gitea version (or commit ref): 1.7.1
  • Operating system: debian/buster
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

I created a config from the standalone binary. Very nice!

Just: I've provided the smtp password for sending emails and I find this unencryped password in the app.ini config file.

Please chmod 600 this file!

Metadata

Metadata

Assignees

No one assigned

    Labels

    topic/securitySomething leaks user information or is otherwise vulnerable. Should be fixed!type/proposalThe new feature has not been accepted yet but needs to be discussed first.

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions