By default, the permissions of /etc/etherpad/etherpad.local.properties are world readable. This is dangerous as it contains passwords (both the SQL password, and the etherpad admin password).
An admin just relying on the automatic config of the .deb postinst script (which automatically generates this file...) might not notice this, and leave these passwords exposed.
Maybe a umask 077 somewhere in the postinst script might help?
By default, the permissions of /etc/etherpad/etherpad.local.properties are world readable. This is dangerous as it contains passwords (both the SQL password, and the etherpad admin password).
An admin just relying on the automatic config of the .deb postinst script (which automatically generates this file...) might not notice this, and leave these passwords exposed.
Maybe a umask 077 somewhere in the postinst script might help?