Re: Xitami Webserver stores admin password in clear text.

On Tue, 27 Nov 2001, Tom Micklovitch wrote:

> This is a known issue, and certainly on Windows versions of Xitami, you actually have to create
> the file defaults.aut yourself, as in, actually type in its contents.

I know it is, it's in the FAQ mentioned on the Xitami website and
referenced in my advisory, that is why I released a little early.

> But you are correct - it would be nice if it was encoded somehow.
>
> A more worrying issue is the fact that defaults.aut is world readable AND writable, hence if you
> have shared the drive it's on, anyone on the local network can simply replace it with their password.

I only tested on Linux, and in my installation defaults.aut was world
readable but not world writeable. I did notice that in the development
version 2.5b5 the default.aut file was group writeable as well.

-- Larry
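
The permission states discussed in this thread (world-readable, world-writable, group-writable) can be checked on a POSIX install with a short audit. This is an added example, not part of the original message or of Xitami; the function names are hypothetical, the file path is supplied by the caller, and it looks only at POSIX mode bits, not at Windows share permissions.

```python
import os
import stat
import sys

# Mode bits that matter for a file holding clear-text passwords, checked in
# this order. Tags are this example's own labels, not Xitami terminology.
RISKY_BITS = [
    (stat.S_IWOTH, "world-writable"),   # any local user can replace the password
    (stat.S_IWGRP, "group-writable"),   # group members can replace the password
    (stat.S_IROTH, "world-readable"),   # any local user can read the password
    (stat.S_IRGRP, "group-readable"),   # group members can read the password
]


def audit_password_file(path):
    """Return the list of risky-permission tags for a credential file."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    if not stat.S_ISREG(st.st_mode):
        return ["not-regular-file"]
    mode = stat.S_IMODE(st.st_mode)
    return [tag for bit, tag in RISKY_BITS if mode & bit]


def tighten(path):
    """Restrict the file to its owner (0600).

    Assumption: the web server runs as the file's owner; adjust ownership
    first if it does not.
    """
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


if __name__ == "__main__":
    # Usage: python audit_aut.py /path/to/defaults.aut [more files...]
    exit_code = 0
    for target in sys.argv[1:]:
        findings = audit_password_file(target)
        if findings:
            exit_code = 1
            print(f"{target}: {', '.join(findings)}")
        else:
            print(f"{target}: ok (owner-only)")
    sys.exit(exit_code)
```
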

