[GH-ISSUE #82] SQLite database is world-readable by default #33

New issue

Closed

opened 2026-03-13 15:26:35 +03:00 by kerem · 2 comments

kerem commented 2026-03-13 15:26:35 +03:00

Owner

Copy link

Originally created by @Ajedi32 on GitHub (May 8, 2018).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/82

The acme-dns database contains sensitive information such as API keys, and should not be readable by other Linux users by default. However, when I run acme-dns it creates the acme-dns.db file with its permission bits set to 644.

Originally created by @Ajedi32 on GitHub (May 8, 2018). Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/82 The acme-dns database contains sensitive information such as API keys, and should not be readable by other Linux users by default. However, when I run acme-dns it creates the `acme-dns.db` file with its permission bits set to 644.

kerem 2026-03-13 15:26:35 +03:00

• closed this issue
• added the
  bug
  security
  labels

kerem commented 2026-03-13 15:26:59 +03:00

Author

Owner

Copy link

@joohoi commented on GitHub (May 14, 2018):

This definitely is a bug, and should be fixed! Thanks for opening the issue!

<!-- gh-comment-id:388774604 --> @joohoi commented on GitHub (May 14, 2018): This definitely is a bug, and should be fixed! Thanks for opening the issue!

kerem commented 2026-03-13 15:27:05 +03:00

Author

Owner

Copy link

@Ajedi32 commented on GitHub (Aug 3, 2018):

Worth noting this issue is somewhat mitigated by the fact that the API keys are randomly generated, 40 characters long, and hashed with Bcrypt, so a database leak is very unlikely to result in usable credentials for an attacker.

<!-- gh-comment-id:410277938 --> @Ajedi32 commented on GitHub (Aug 3, 2018): Worth noting this issue is somewhat mitigated by the fact that the API keys are randomly generated, 40 characters long, and hashed with Bcrypt, so a database leak is very unlikely to result in usable credentials for an attacker.

kerem referenced this issue 2026-03-13 16:13:52 +03:00

[PR #33] [MERGED] Docker instructions and configuration #252

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

fix_dockerhub

dockerhub

readme2.0

goreleaser_action

refactoring

linter_update_config

update_deps_122

dependabot/go_modules/github.com/valyala/fasthttp-1.34.0

deps_bump

update_goreleaser

update_golint

deps_update

update_dockerfile

v2.0.2

v2.0.1

v2.0

v1.1

v1.0

v0.8

v0.7.2

v0.7.1

v0.7

v0.6

v0.5

v0.4

v0.3.2

v0.3.1

v0.3

v0.2

v0.1

Labels

Clear labels   

Documentation

  

Documentation

  

bug

  

enhancement

  

feature request

  

feature request

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

security

  

security

  

testing

No labels

Documentation

Documentation

bug

enhancement

feature request

feature request

help wanted

pull-request

question

security

security

testing

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/acme-dns#33

No description provided.