From e6753a7086f95b4bd18cc55ed363f6013ecf2a5a Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Jul 29 2014 20:36:42 +0000 Subject: update README with a note about config file permissions --- diff --git a/roundcubemail-README.rpm b/roundcubemail-README.rpm index 945c3e3..afb5445 100644 --- a/roundcubemail-README.rpm +++ b/roundcubemail-README.rpm @@ -35,7 +35,10 @@ UPGRADING: when upgrading from < 1.0 the old configuration files named main.inc.php and db.inc.php are now deprecated and should be replaced with one single config.inc.php file. Run the /usr/share/roundcube/bin/update.sh script as root to get this conversion done or manually merge the files. The update -script will also update the database configuration. +script will also update the database configuration. Check the permissions of +the config.inc.php file and all backups the script creates! Make sure they +are not world-readable, as they may contain sensitive information (e.g. +database passwords). NOTE: the new config.inc.php should only contain options that differ from the ones listed in defaults.inc.php.