.json file security issue in version 3.0 beta #56

Open
naveen17797 opened this issue Oct 2, 2019 · 1 comment
Comments

@naveen17797
Owner

The .json file might be served by Apache if it is not protected by .htaccess. Although the file doesn't have passwords in plain text format, the risk is still huge: it can be cracked with dictionary-based attacks if the user was using a common password. There needs to be a way to store the file, maybe place it outside the root (version 2 did that).

@Maikuolan
Contributor

Maikuolan commented Oct 13, 2019

For Apache servers, placing a dot in front of the filename, like .file.json, will automatically hide the file from external requests, so may be a viable way to improve the security of the file in the case of Apache servers. However, that mechanism is unfortunately only an Apache thing, so won't make any difference in terms of security for users using other kinds of server software, like Nginx and so on.
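
A deployment check for the "place it outside the root" suggestion in the first comment, as an added example that is not part of the thread or the project's code: it lists every path under the web root that resolves to the data file, including file symlinks. The directory names `public_html` and `private` and the file name `data.json` are assumptions; the check reports filesystem reachability only, not whether server access rules block the request.

```python
import os
import tempfile


def exposed_urls(docroot, data_file):
    """Return URL paths under docroot whose file resolves to data_file."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):  # linked dirs are not descended
        for name in files:
            candidate = os.path.join(dirpath, name)
            try:
                # samefile follows symlinks and compares device and inode
                same = os.path.samefile(candidate, data_file)
            except OSError:  # dangling symlink or unreadable entry
                continue
            if same:
                rel = os.path.relpath(candidate, docroot)
                hits.append("/" + rel.replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Check three placements in a constructed directory layout."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "public_html")  # assumed web root
        private = os.path.join(base, "private")      # assumed dir outside it
        os.makedirs(os.path.join(docroot, "app"))
        os.makedirs(private)
        inside = os.path.join(docroot, "app", "data.json")
        outside = os.path.join(private, "data.json")
        for path in (inside, outside):
            with open(path, "w") as fh:
                fh.write("{}")
        results = {
            "inside": exposed_urls(docroot, inside),
            "outside": exposed_urls(docroot, outside),
        }
        # A symlink left in the web root exposes the outside file again
        # when the server is configured to follow symlinks.
        os.symlink(outside, os.path.join(docroot, "backup.json"))
        results["linked"] = exposed_urls(docroot, outside)
        return results


if __name__ == "__main__":
    for case, urls in demo().items():
        print(case, urls or "no path under the web root")
```

An empty result for the real data file is the state to aim for; any listed path should then be tested with an actual HTTP request against the server.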
