This is in response to bugtraq id 8771,9087. ---------- Forwarded message ---------- Date: Fri, 14 May 2004 07:19:18 -0700 From: Barry Leslie To: Larry W. Cashdollar <lwc@xxxxxxxxxxxx> Subject: Re: WG: Vapid Labs Security Advisory for PrimeBase Database 4.2 Hi, I am not sure if you are aware or not but there is a new version of PrimeBase available at: http://www.Primebase.com/ftp/releases/4229/ that addresses all of the concerns that you have reported. Thank you for reporting these things to us. Barry > From: "Larry W. Cashdollar" <lwc@xxxxxxxxxxxx> > Date: Wed, 29 Oct 2003 15:37:50 -0500 (EST) > To: Barry Leslie <barry.leslie@xxxxxxxxxxxxx> > Subject: Re: WG: Vapid Labs Security Advisory for PrimeBase Database 4.2 > > > You guys should also hash the password stored in password.adm. Storing > passwords in clear text is dangerous. Users should also be instructed to > change the file permissions to something more restrictive.. like read only > for that user... > > # chmod 400 password.adm > > -- Larry >
