[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Temporary Files and Web Sites (swp, ~, etc)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Temporary Files and Web Sites (swp, ~, etc)
From: michael williamson <michael@xxxxxxxxxxxxxxxxx>
Date: Thu, 12 Aug 2004 09:36:12 -0500

Here's another thing:  Don't put your db usernames/passwords in any file
that is accessable from the web.  (the don't have to be)    If some
other bonehead admin happens to replace your http.conf with a generic
one, you don't want all your blocked files showing up automagically.

Secondly, be aware that if you've got embedded usernames/passwords for
db access on your system, they are generally not safe from other users
of the system.

-Michael

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Temporary Files and Web Sites (swp, ~, etc)
  - From: bugtraq

Prev by Date: Re: [Full-Disclosure] SP2 is killing me. Help?
Next by Date: RE: [Full-Disclosure] Give XP SP2 a chance
Previous by thread: Re: [Full-Disclosure] Temporary Files and Web Sites (swp, ~, etc)
Next by thread: RE: [Full-Disclosure] Temporary Files and Web Sites (swp, ~, etc)
Index(es):
- Date
- Thread