On Mon, May 15, 2023 at 05:45:33PM +0100, Graeme Fowler via Exim-users wrote:
> > Have secrets in a separate file? > That can be done already, in a variety of different ways. I suggest > you have a read of the documentation. If that was meant for me, it's a misunderstanding. I am very well aware of the possibilities, I was pointing that out myself. > That said, a lot of server software which may use privileged ports > or provide access to content - like Apache httpd, Tomcat, MariaDB, > PostgreSQL etc - do not allow arbitrary non-privileged users to read > their configuration. > It's not security by obscurity, it's a basic fundamental good > practice on UNIX-like systems and it's been like that since the very > early days of the OS. It's not likely to change any time soon. In a default install of Debian (and systems derived from it) certainly most of those files are world readable. I think the same is the case for other major distros, though I have used them much less. -- Ian -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
