[Gluster-infra] Small security gotcha with www.gluster.org and sql files... ; )

Justin Clift justin at gluster.org
Tue Oct 14 19:30:35 UTC 2014


Was just looking around the web root of www.gluster.org a few minutes
ago, and noticed a few worrying new files (9th October 2014) there:

  * file.sql
  * mysqldump.sql

Please don't do that. ;)

SQL database dumps can have all kinds of sensitive data in them, so
shouldn't ever be in the web root (a publicly accessible location)
without effective controls around them.

I've moved them into a non-public location in my home dir in case
they're still needed:

  /home/jclift/shouldntbepublic_201410141956/

Note - Looking through the Varnish logs on the server, no-one has
attempted to download them so this isn't a biggie.  Live and learn
thing. ;)

Regards and best wishes,

Justin Clift

-- 
GlusterFS - http://www.gluster.org

An open source, distributed file system scaling to several
petabytes, and handling thousands of clients.

My personal twitter: twitter.com/realjustinclift
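
Added example, not part of the original message: one way to repeat the two checks described above, finding dump-like files under a web root and then searching NCSA combined-format access logs (the format varnishncsa writes by default) for requests to them. The suffix list, function names, host name and log lines are assumptions constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import unquote, urlsplit

DUMP_SUFFIXES = {".sql", ".dump", ".bak"}   # assumed list; extend for your site
DUMP_MAGIC = (b"-- MySQL dump", b"-- PostgreSQL database dump")
# NCSA combined: host ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

# Constructed sample lines (documentation addresses, placeholder host), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET http://www.example.org/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2024:10:05:40 +0000] "GET http://www.example.org/file.sql HTTP/1.1" 404 312 "-" "curl/8.0"',
    '192.0.2.44 - - [01/Jan/2024:10:05:41 +0000] "GET /mysqldump%2Esql?x=1 HTTP/1.1" 200 48211 "-" "curl/8.0"',
    'truncated or malformed line',
]

def find_dumps(web_root):
    """Return URL paths of files under web_root that look like database dumps."""
    root, found = Path(web_root), []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        with p.open("rb") as fh:
            head = fh.read(256)   # dump tools write their banner at the top of the file
        if p.suffix.lower() in DUMP_SUFFIXES or any(m in head for m in DUMP_MAGIC):
            found.append("/" + p.relative_to(root).as_posix())
    return found

def requests_for(paths, log_lines):
    """Return (client, time, method, path, status, bytes) for requests to any of paths."""
    wanted, hits = set(paths), []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip lines that are not in combined format
        client, when, method, target, status, size = m.groups()
        # Handles absolute and origin-form targets, query strings and %-encoding.
        path = unquote(urlsplit(target).path)
        if path in wanted:
            hits.append((client, when, method, path, int(status), size))
    return hits

def exposed(hits):
    """Keep only 200/206 responses with a body: requests where data left the server."""
    return [h for h in hits if h[4] in (200, 206) and h[5] not in ("-", "0")]

if __name__ == "__main__":
    hits = requests_for(["/file.sql", "/mysqldump.sql"], SAMPLE_LOG)
    print(hits, exposed(hits))
```

An empty result from requests_for only covers the log files that were read, so rotated and compressed logs going back to the file's creation date need to be included as well.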

