On Mon, May 15, 2023 at 05:45:33PM +0100, Graeme Fowler via Exim-users wrote:
> > Have secrets in a separate file?
> That can be done already, in a variety of different ways. I suggest
> you have a read of the documentation.
If that was meant for me, it's a misunderstanding. I am very well aware
of the possibilities, I was pointing that out myself.
> That said, a lot of server software which may use privileged ports
> or provide access to content - like Apache httpd, Tomcat, MariaDB,
> PostgreSQL etc - do not allow arbitrary non-privileged users to read
> their configuration.
> It's not security by obscurity, it's a basic fundamental good
> practice on UNIX-like systems and it's been like that since the very
> early days of the OS. It's not likely to change any time soon.
In a default install of Debian (and systems derived from it) certainly
most of those files are world readable. I think the same is the case
for other major distros, though I have used them much less.
--
Ian
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
