(RADIATOR) security with radwho.cgi

Utku Er erutku at netone.net.tr
Thu Oct 31 08:21:53 CST 2002


  Hi, 

  I was using RADIATOR radwho CGI scripts for a long time. Some time ago I log into my machine and see my database ip, port, database username and database password in the /tmp/xxx file in a world readable format... I see that radwho.cgi within the radiator package creates this file.

  Maybe this isn't a big security thread but maybe some people see this file and wonder what it is. 
  I create scripts in my internal machines and get session table directly from the database.

Utku. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20021031/cdc846b3/attachment.html>


More information about the radiator mailing list