Mongodb credentials saved in pritunl.conf readable to all users with shell access


Just noticed that /etc/pritunl.conf installs with 0644 permissions and since mongodb_uri is stored there in plain text… that allows any user with shell access take a peek at pritunl’s mongodb credentials. Concerning!..

(the good news is that pritunl didn’t mind me setting permissions to 0600)

The next release will update the permissions to 600 when loading and saving the configuration.

That’s brilliant, thank you!..