Hi!,
I recently got my toolserver account. Looking for a way to set my bots (using pywikipedia framework) to run, I noticed many people using the framework haven't set the correct access flags to their "login-data" dir (inside your /home dir). This could lead to someone using those files to run your bot accounts.Although only other toolserver users can see these files, its still an issue . Please make at least that dir "not readable" for anyone but "owner".
--Pyr0.
Hi Matias,
Matias schreef:
Hi!,
I recently got my toolserver account. Looking for a way to set my bots (using pywikipedia framework) to run, I noticed many people using the framework haven't set the correct access flags to their "login-data" dir (inside your /home dir). This could lead to someone using those files to run your bot accounts.Although only other toolserver users can see these files, its still an issue . Please make at least that dir "not readable" for anyone but "owner".
Good one, but don't forget user-config.py . It can also contain sensitive information like passwords.
Maarten
toolserver-l@lists.wikimedia.org