ralio
Secure .raliorc
The `.raliorc` file stores passwords in plaintext but is left open for anyone to read. It probably should be made 0600 so only the user can read the file. I'm pretty sure this is the change that needs to be made (I've never worked with node and so I'm just opening this issue instead of making a proper PR).
diff --git a/bin/ralio b/bin/ralio
index 539b83f..383a553 100755
--- a/bin/ralio
+++ b/bin/ralio
@@ -124,7 +124,7 @@ program
var fs = require('fs'),
path = require('path');
- fs.writeFile(path.join(process.env.HOME, '.raliorc'), JSON.stringify(ralio_configuration), function(err) {
+ fs.writeFile(path.join(process.env.HOME, '.raliorc'), JSON.stringify(ralio_configuration), {"mode": 0600}, function(err) {
err ? console.log(err) : console.log("All set! :)".green);
});
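Review bot: on the changed `fs.writeFile` line, `{"mode": 0600}` only takes effect when `.raliorc` is created, so a file that already exists with wider permissions keeps them and existing users stay exposed. Follow the write with an explicit chmod of the same path to 0600 (or tighten the file before writing to it). The `0600` literal is also a legacy octal literal, which is a syntax error in strict mode; `parseInt('600', 8)`, or `0o600` on Node versions that support it, avoids that.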
It might also be nice to print a warning to stderr if ralio reads `.raliorc` and determines it is not secured.