-------- Original Message --------
Subject: possible db password-leak
Date: Tue, 26 Apr 2005 22:10:24 +0200 (MEST)
From: ago...@gm...
To: jim...@us...
Hi,
After playing around with phpESP (1.6.1) a bit,
looking through the directories on my drive etc,
in the scripts-dir I found the file mysql_create.sql.
I forgot to delete it after the installation
and I was quite shocked, because it contains the mysql-password/user.
This isn't a bug, but I think it's dangerous.
After deleting it, I googled for 'inurl:"survey.php?name"'
to find phpESP-installations. Quite a lot out there.
Very many of the admins forgot to delete the file too,
and it's accessible from the web...
I know it's not your fault, but the user's.
Maybe you could change the install-process a little, so
that the password is more protected?
Anyway: phpESP is good work, no question :)
-ago
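A check an administrator could run against their own web root for the leftover file described in the message above. This is an added example, not part of the original e-mail or of phpESP. The credential patterns are assumptions (the message does not show the contents of mysql_create.sql), and the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Statements that commonly embed database credentials in MySQL setup scripts.
# Assumption: the message does not show what mysql_create.sql actually contains.
CREDENTIAL_PATTERNS = [
    re.compile(r"IDENTIFIED\s+BY\s+(?:PASSWORD\s+)?'[^']*'", re.I),
    re.compile(r"SET\s+PASSWORD\b", re.I),
    re.compile(r"\bPASSWORD\s*\(\s*'[^']*'\s*\)", re.I),
]

def find_leftover_sql(web_root):
    """Return sorted (relative_path, line_number) pairs for every line in a
    .sql file under web_root that matches a credential pattern."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if not name.lower().endswith(".sql"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if any(p.search(line) for p in CREDENTIAL_PATTERNS):
                            findings.append((os.path.relpath(path, web_root), lineno))
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout: one setup script with a credential, one without."""
    os.makedirs(os.path.join(root, "scripts"))
    with open(os.path.join(root, "scripts", "mysql_create.sql"), "w") as fh:
        fh.write("CREATE DATABASE survey;\n"
                 "GRANT ALL ON survey.* TO 'app'@'localhost' IDENTIFIED BY 'example-only';\n")
    with open(os.path.join(root, "scripts", "schema.sql"), "w") as fh:
        fh.write("CREATE TABLE t (id INT);\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, lineno in find_leftover_sql(root):
            print(f"{rel}:{lineno}: contains database credentials; remove or move out of the web root")
```

Any hit means the file should be deleted or moved outside the document root, and the database password it exposed should be changed.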