You are here: Foswiki>Tasks Web>Item11935 (02 Dec 2012, GeorgeClark)Edit Attach

Item11935: Set the umask explicitly while creating session files.

Priority: Enhancement
Current State: Closed
Released In: 1.1.6
Target Release: patch
Applies To: Engine
Branches: Release01x01 trunk
Reported By: MichaelDaum
Waiting For:
Last Change By: GeorgeClark
This improves the default security when creating session objects in the file system. Before, all session files have been created with a default 0660 permission setting while the system-wide umask has been applied. Now, the default is a 0600 file permission, that is only the user running the foswiki server can read the session objects.

The new configuration parameter {Session}{filePermission} can also be used to explicitly open access rights on session files when there are other subsystems on the same server that actually need access to the session information, for example to cross authenticate a user on an xmpp chat server as well while logging in to foswiki.

-- MichaelDaum - 11 Jun 2012

Topic revision: r11 - 02 Dec 2012, GeorgeClark - This page was cached on 11 Jan 2018 - 06:57.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License