[VuFind-Tech] sqlnet.log: Bug, feature, or security exposure?

[Barnett, J. <jef...@ya...>]

We're trying to "clean up" our vufind docroot prior to moving to a new machine and I just discovered a huge "sqlnet.log" file in /usr/local/vufind/web.  It seems to be a record of all the Oracle exceptions since we started the system ... possibly useful for debugging.  BUT it is completely web accessible as http://myhost/vufind/sqlnet.log, thereby possibly assisting potential hackers.

Question: When and where is it being generated, and what can/should I do to control its access?

Or do I have some config params wrong?