.davmail.properties should be created with 600 permissions

mguessan / davmail

DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange and Office 365 Gateway - Synced with main subversion repository at

http://davmail.sourceforge.net

GNU General Public License v2.0

582 stars 86 forks source link

.davmail.properties should be created with 600 permissions #254

Open rsekman opened 2 years ago

rsekman commented 2 years ago

.davmail.properties can contain, in plaintext, proxy passwords an OAuth tokens that should be kept secret. It should not be world-readable. While on Unix-like systems this is easily fixed with chmod 600 this should not be the responsibility of the end-user. davmail should create this file with the appropriate permissions from the start by calling umask().

mguessan commented 2 years ago

Makes sense, now that we dropped support for older java versions we can use nio API. => fix available in trunk, trying to set file readable by user on initial file creation

mguessan commented 2 years ago

Sorry first try had wrong permissions, should be fixed