Item11935: Set the umask explicitly while creating session files.
Priority: Enhancement
Current State: Closed
Released In: 1.1.6
Target Release: patch
Applies To: Engine
Component:
Branches: Release01x01 trunk
This improves the default security when creating session objects in the file system. Previously, all session files
were created with a default 0660 permission setting, with the system-wide umask applied. Now the default is a
0600 file permission; that is, only the user running the Foswiki server can read the session objects.
The new configuration parameter {Session}{filePermission} can also be used to explicitly open access rights on
session files when there are other subsystems on the same server that actually need access to the session
information, for example to cross-authenticate a user on an XMPP chat server as well while logging in to Foswiki.
-- MichaelDaum - 11 Jun 2012
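
The interaction between a requested file mode and the umask described in this item, as an added Perl example (not code from Foswiki or from this change). The helper names, the temporary directory and the choice to pin the umask to the complement of the requested permission are assumptions made for illustration; the second helper lists files whose mode is broader than an allowed permission.

```perl
#!/usr/bin/perl
# Added illustration (not Foswiki code); assumes a POSIX file system.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Create $path requesting $perm. With $explicit set, the umask is pinned to
# the complement of $perm for the duration of the call (an assumption about
# how to make the result exact), so the inherited umask no longer matters.
sub create_session_file {
    my ( $path, $perm, $explicit ) = @_;
    my $old = umask();
    umask( 0777 & ~$perm ) if $explicit;
    my $ok  = sysopen( my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, $perm );
    my $err = $!;
    umask($old);    # restore the caller's umask in every case
    die "cannot create $path: $err\n" unless $ok;
    close $fh;
    return ( stat $path )[2] & 07777;
}

# Return "mode name" for every regular file in $dir with bits outside $perm.
sub too_open {
    my ( $dir, $perm ) = @_;
    opendir( my $dh, $dir ) or die "cannot read $dir: $!\n";
    my @bad;
    for my $name ( sort readdir $dh ) {
        my @st = stat "$dir/$name";
        next unless @st && -f _;
        my $mode = $st[2] & 07777;
        push @bad, sprintf( "%04o %s", $mode, $name ) if $mode & ~$perm;
    }
    closedir $dh;
    return @bad;
}

my $dir = tempdir( CLEANUP => 1 );    # constructed stand-in for a session dir
for my $inherited ( 0002, 0022 ) {    # typical system-wide umasks
    umask($inherited);
    my $tag = sprintf '%04o', $inherited;
    my $old = create_session_file( "$dir/old_$tag", 0660, 0 );
    my $new = create_session_file( "$dir/new_$tag", 0600, 1 );
    printf "umask %s: 0660 request -> %04o, pinned 0600 -> %04o\n",
      $tag, $old, $new;
}
print "broader than 0600: $_\n" for too_open( $dir, 0600 );
```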