sensitive passwords in that file to properly secure it.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11184 7612ce4b-ef26-0410-bec9-ea0150e637f0
html output code. If third party code displays errors from address
book object in html, errors must be sanitized and ASCII line feeds
should be converted to html line breaks.
html output code. If third party code displays errors from address
book object in html, errors must be sanitized and ASCII line feeds
should be converted to html line breaks.
+ - Add note to conf.pl / config_default.php to warn users that set
+ sensitive passwords in that file to properly secure it.
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------
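Review bot: In the added ChangeLog entry, "that file" has no clear referent: the entry names conf.pl and config_default.php, while the conf.pl messages added in this change point at config.php as the file that holds the passwords. Suggest naming the file to protect, for example "warn users who put sensitive passwords in config.php to secure that file".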
sub command61 {
print "You can now define different LDAP servers.\n";
sub command61 {
print "You can now define different LDAP servers.\n";
+ print "Please ensure proper permissions for config.php when including\n";
+ print "sensitive passwords.\n\n";
print "[ldap] command (?=help) > ";
$input = <STDIN>;
$input =~ s/[\r\n]//g;
print "[ldap] command (?=help) > ";
$input = <STDIN>;
$input =~ s/[\r\n]//g;
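Review bot: The two added print lines run every time command61 is entered, before the user has chosen whether to configure a password at all, and "proper permissions" does not say what is expected. Consider printing the warning only at the point where a password is entered, and spell out the goal in the same terms as the config_default.php note in this change: the file must not be readable by other system users.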
print "you need to set this DSN to a valid value. The format for this is:\n";
print "mysql://user:pass\@hostname/dbname\n";
print "Where mysql can be one of the databases PHP supports, the most common\n";
print "you need to set this DSN to a valid value. The format for this is:\n";
print "mysql://user:pass\@hostname/dbname\n";
print "Where mysql can be one of the databases PHP supports, the most common\n";
- print "of these are mysql, msql and pgsql\n";
+ print "of these are mysql, msql and pgsql.\n";
+ print "Please ensure proper permissions for config.php when including\n";
+ print "sensitive passwords.\n\n";
print "If the DSN is left empty (hit space and then return) the database\n";
print "If the DSN is left empty (hit space and then return) the database\n";
- print "related code for address books will not be used\n";
+ print "related code for address books will not be used.\n";
print "\n";
if ( $addrbook_dsn eq "" ) {
print "\n";
if ( $addrbook_dsn eq "" ) {
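Review bot: The warning added here is the same pair of print statements added in command61 and in the prefs and global address book DSN prompts, so the text now lives in four places. A small helper sub that prints the warning, called from each prompt, would keep the wording from drifting the next time it is edited.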
print "you need to set this DSN to a valid value. The format for this is:\n";
print "mysql://user:pass\@hostname/dbname\n";
print "Where mysql can be one of the databases PHP supports, the most common\n";
print "you need to set this DSN to a valid value. The format for this is:\n";
print "mysql://user:pass\@hostname/dbname\n";
print "Where mysql can be one of the databases PHP supports, the most common\n";
- print "of these are mysql, msql and pgsql\n";
+ print "of these are mysql, msql and pgsql.\n";
+ print "Please ensure proper permissions for config.php when including\n";
+ print "sensitive passwords.\n\n";
print "If the DSN is left empty (hit space and then return) the database\n";
print "If the DSN is left empty (hit space and then return) the database\n";
- print "related code for address books will not be used\n";
+ print "related code for address books will not be used.\n";
print "\n";
if ( $prefs_dsn eq "" ) {
print "\n";
if ( $prefs_dsn eq "" ) {
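Review bot: The line "related code for address books will not be used." is touched here only to add a period, but this prompt guards $prefs_dsn, so the sentence describes the wrong feature. Since the line is being edited anyway, correct it to refer to the database-backed preferences code rather than address books.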
print "you need to set this DSN to a valid value. The format for this is:\n";
print "mysql://user:pass\@hostname/dbname\n";
print "Where mysql can be one of the databases PHP supports, the most common\n";
print "you need to set this DSN to a valid value. The format for this is:\n";
print "mysql://user:pass\@hostname/dbname\n";
print "Where mysql can be one of the databases PHP supports, the most common\n";
- print "of these are mysql, msql and pgsql\n";
+ print "of these are mysql, msql and pgsql.\n";
+ print "Please ensure proper permissions for config.php when including\n";
+ print "sensitive passwords.\n\n";
print "If the DSN is left empty (hit space and then return) the database\n";
print "If the DSN is left empty (hit space and then return) the database\n";
- print "related code for global SQL address book will not be used\n";
+ print "related code for global SQL address book will not be used.\n";
print "\n";
if ( $addrbook_global_dsn eq "" ) {
print "\n";
if ( $addrbook_global_dsn eq "" ) {
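Review bot: The password warning is part of the instructions shown before input, so it also appears when the user goes on to leave the DSN empty and no password is stored. The code already tests for an empty $addrbook_global_dsn after these prints; printing the warning in the non-empty case would tie it to the situation it is about.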
* conf.pl if at all possible. That is the easiest and cleanest way
* to configure.
*
* conf.pl if at all possible. That is the easiest and cleanest way
* to configure.
*
+ * Note on SECURITY: some options require putting a password in this file.
+ * Please make sure that you adapt its permissions appropriately to avoid
+ * passwords being leaked to e.g. other system users. Take extra care when
+ * the webserver is shared with untrusted users.
+ *
* @copyright © 2000-2006 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @copyright © 2000-2006 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
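Review bot: "adapt its permissions appropriately" in the added SECURITY note leaves the reader to guess the target state. The note already names the risk (other system users, a webserver shared with untrusted users), so state the expectation directly, for example that the file should be readable by the webserver user only and not world-readable.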
* 'name' => 'Netcenter Member Directory',
* 'base' => 'ou=member_directory,o=netcenter.com'
* );
* 'name' => 'Netcenter Member Directory',
* 'base' => 'ou=member_directory,o=netcenter.com'
* );
+ *
+ * NOTE: please see security note at the top of this file when
+ * entering a password.
*/
// Add your ldap server options here
*/
// Add your ldap server options here
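Review bot: The added NOTE refers to "entering a password", but the example visible above it shows only 'name' and 'base', so the reader cannot tell which LDAP option is meant. Name the option or options that hold a password in the note. The pointer "at the top of this file" is also purely positional; referring to it as the "Note on SECURITY" in the file header would make it searchable.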
* The DSN is in the format: mysql://user:pass@hostname/dbname
* The table is the name of the table to use within the
* specified database.
* The DSN is in the format: mysql://user:pass@hostname/dbname
* The table is the name of the table to use within the
* specified database.
+ *
+ * NOTE: please see security note at the top of this file when
+ * entering a password.
*/
$addrbook_dsn = '';
$addrbook_table = 'address';
*/
$addrbook_dsn = '';
$addrbook_table = 'address';
* sent and regular output to begin, which will majorly screw
* things up when we try to send more headers later.
*/
* sent and regular output to begin, which will majorly screw
* things up when we try to send more headers later.
*/
-?>
\ No newline at end of file
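Review bot: Removing the closing "?>" is not covered by the ChangeLog entry added in this change, which mentions only the password note. The removal is consistent with the comment just above it about output starting before later headers are sent, but it deserves its own ChangeLog line or a separate commit so it is not buried in a documentation change. Also check that the file now ends with a newline, given the "\ No newline at end of file" marker on the removed line.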