[SAC] OSGeo security reminder ....

Martin Spott Martin.Spott at mgras.net
Mon Apr 9 18:28:58 EDT 2012


Hi folks,
the Python script "ldap_group.py" (among others) contains the master
LDAP admin password _hardcoded_ and is world-readable.

Thus everybody having shell access to this machine can read the most
essential LDAP credits directly - and all the other ones probably
have easy read access via Apache modules with known security holes,
because none of those who set this machine up took care of
applying at least the most essential security fixes.

I wonder why people were in favour of setting up that many
different VMs if they are incapable of maintaining all these machines
and don't understand at least the basics of IT security.

Cheers,
	Martin.
-- 
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
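
An added example, not part of the original message and not OSGeo's code: a small audit for the condition reported above (world-readable files with a password assigned in the source), next to a loader that reads the bind password from a separate file and refuses it unless the mode is owner-only. The names ldap_tool.py and bind.secret, the regular expression and the sample contents are assumptions constructed for the demonstration.

```python
import os
import re
import stat
import tempfile

# Heuristic (assumption): a string literal assigned to a name that looks like a secret.
SECRET_RE = re.compile(
    r"\b\w*(passw(or)?d|secret|bindpw)\w*\s*=\s*[\"'][^\"']+[\"']", re.IGNORECASE)

def audit_tree(root):
    """Return sorted (path, line) pairs: world-readable regular files holding a secret."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_IROTH:
                continue  # skip symlinks, devices and files "other" cannot read
            with open(path, errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if SECRET_RE.search(line):
                        findings.append((path, lineno))
    return sorted(findings)

def load_bind_password(path):
    """Read the secret from its own file; refuse if group or other has any access."""
    st = os.stat(path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: mode {stat.S_IMODE(st.st_mode):o}, expected 600")
    with open(path) as fh:
        return fh.read().strip()

def demo():
    """Build a constructed tree; return (relative findings, password, loose file rejected)."""
    with tempfile.TemporaryDirectory() as root:
        script = os.path.join(root, "ldap_tool.py")   # hypothetical script name
        with open(script, "w") as fh:
            fh.write('import sys\nADMIN_PASSWORD = "constructed-example"\n')
        os.chmod(script, 0o644)                       # world-readable, as reported
        secret = os.path.join(root, "bind.secret")    # hypothetical secret file
        with open(secret, "w") as fh:
            fh.write("constructed-example\n")
        os.chmod(secret, 0o600)
        found = [(os.path.relpath(p, root), n) for p, n in audit_tree(root)]
        password = load_bind_password(secret)
        os.chmod(secret, 0o644)                       # loosen the mode: must be refused
        try:
            load_bind_password(secret)
            rejected = False
        except PermissionError:
            rejected = True
        return found, password, rejected
```

Once a password has sat in a world-readable file it should be treated as disclosed, so moving it to a 0600 file goes together with changing it.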

