mnemosyne-proj / mnemosyne

Mnemosyne: efficient learning with powerful digital flash-cards.
https://mnemosyne-proj.org/

Avoid world readable `config.db` #242

Open thomasbach-dev opened 1 year ago

thomasbach-dev commented 1 year ago

Hi there,

thanks a lot for this piece of software. I have not really come to use it yet, but it looks excellent.

While setting up a headless sync server I noticed that `config.db` is initially in mode 0644. This could be a security risk as this file contains credentials `remote_access_username` and `remote_access_password`. Please make this file accessible only by the user executing mnemosyne.

Thanks

pbienst commented 1 year ago

Thanks for bringing this up! Feel free to submit a patch. :-)
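
One way to meet the request in this issue, as an added example that is not Mnemosyne's own code and not a patch from either commenter: create the file with mode 0600 before the database library opens it, and tighten a file left over from an earlier run. It assumes `config.db` is an SQLite file on a POSIX system; `open_private_db`, `mode_of`, `demo` and the `config (key, value)` table are hypothetical names, and the stored value is constructed.

```python
import os
import sqlite3
import stat
import tempfile

PRIVATE_MODE = 0o600  # owner read/write, nothing for group or others


def mode_of(path):
    """Return only the permission bits of a file."""
    return stat.S_IMODE(os.stat(path).st_mode)


def open_private_db(path):
    """Open an SQLite file that is never readable by group or others."""
    try:
        # Create the file ourselves with 0600 *before* SQLite touches it, so it
        # never exists with the umask-derived default (0644 in the report).
        os.close(os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, PRIVATE_MODE))
    except FileExistsError:
        # Left over from an earlier run: strip any group/other access.
        if mode_of(path) & 0o077:
            os.chmod(path, PRIVATE_MODE)
    return sqlite3.connect(path)


def demo():
    """Constructed scenario: one pre-existing 0644 file and one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        old = os.path.join(tmp, "old_config.db")
        new = os.path.join(tmp, "new_config.db")
        open(old, "wb").close()
        os.chmod(old, 0o644)  # the state described in the issue
        result = {}
        for name, path in (("old", old), ("new", new)):
            con = open_private_db(path)
            # Hypothetical schema, only to show the database stays usable.
            con.execute("CREATE TABLE config (key TEXT PRIMARY KEY, value TEXT)")
            con.execute("INSERT INTO config VALUES (?, ?)",
                        ("remote_access_password", "constructed-sample"))
            con.commit()
            stored = con.execute("SELECT value FROM config").fetchone()[0]
            con.close()
            result[name] = (mode_of(path), stored)
        return result


if __name__ == "__main__":
    for name, (mode, _) in demo().items():
        print(name, oct(mode))
```

Creating the file first matters because a `chmod` issued after the library has already created it leaves a short window in which the credentials file is world readable.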