From: James E. F. <jf...@uv...> - 2005-05-05 00:34:06

-------- Original Message --------
Subject: possible db password-leak
Date: Tue, 26 Apr 2005 22:10:24 +0200 (MEST)
From: ago...@gm...
To: jim...@us...

Hi,

after playing around with phpESP (1.6.1) a bit, looking through the directories on my drive etc., in the scripts dir I found the file mysql_create.sql. I forgot to delete it after the installation and I was quite shocked, because it contains the MySQL password/user. This isn't a bug, but I think it's dangerous.

After deleting it, I googled for 'inurl:"survey.php?name"' to find phpESP installations. Quite a lot out there. Very many of the admins forgot to delete the file too, and it's accessible from the web...

I know it's not your fault, but the user's. Maybe you could change the install process a little, so that the password is more protected?

Anyway: phpESP is good work, no question :)

-ago
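
The leftover scripts/mysql_create.sql described in the message can be caught with a post-install audit of the web root. The script below is an added example, not part of the original e-mail or of phpESP; the credential patterns, the function names and the sample files it builds are assumptions, since the message does not show the file's contents.

```shell
#!/usr/bin/env bash
# Added example: find leftover installer SQL files under a web root that
# appear to carry database credentials (e.g. scripts/mysql_create.sql).
# Assumption: credentials show up as "IDENTIFIED BY '...'" or "PASSWORD(...)"
# statements; the real file's contents are not shown in the message.
CRED_PATTERN="identified by|password[[:space:]]*\("

# Print every *.sql file under $1 whose contents match CRED_PATTERN.
find_credential_sql() {
    find "$1" -type f -iname '*.sql' -print | while IFS= read -r f; do
        if grep -qiE "$CRED_PATTERN" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Audit $1; return 1 when any credential-bearing SQL file is still present.
audit_webroot() {
    local hits
    hits=$(find_credential_sql "$1")
    if [ -n "$hits" ]; then
        printf 'REMOVE or move outside the web root:\n%s\n' "$hits"
        return 1
    fi
    printf 'OK: no credential-bearing .sql files under %s\n' "$1"
}

# Build a constructed sample tree (not real phpESP files) for a dry run.
make_sample_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/scripts" "$root/docs"
    # Constructed installer script with a placeholder account and password.
    printf "%s\n" "CREATE DATABASE survey;" \
        "GRANT ALL ON survey.* TO 'EXAMPLE_USER'@'localhost' IDENTIFIED BY 'EXAMPLE_PASSWORD';" \
        > "$root/scripts/mysql_create.sql"
    # Constructed schema-only file: no credentials, must not be flagged.
    printf "%s\n" "CREATE TABLE t (id INT);" > "$root/docs/schema.sql"
    printf '%s\n' "$root"
}

# Run against a directory given as $1, or against the sample tree.
if [ -n "${1:-}" ]; then
    audit_webroot "$1"
else
    sample=$(make_sample_tree)
    audit_webroot "$sample" || true
    rm -rf "$sample"
fi
```

A non-zero exit from audit_webroot makes the check usable as the last step of an install or deploy script.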