Full Disclosure mailing list archives

Re: Temporary Files and Web Sites (swp, ~, etc)

From: michael williamson <michael () puffin tamucc edu>
Date: Thu, 12 Aug 2004 09:36:12 -0500

Here's another thing:  Don't put your db usernames/passwords in any file
that is accessable from the web.  (the don't have to be)    If some
other bonehead admin happens to replace your http.conf with a generic
one, you don't want all your blocked files showing up automagically.

Secondly, be aware that if you've got embedded usernames/passwords for
db access on your system, they are generally not safe from other users
of the system.

-Michael

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Temporary Files and Web Sites (swp, ~, etc) bugtraq (Aug 12)
- Re: Temporary Files and Web Sites (swp, ~, etc) Spiro Trikaliotis (Aug 12)
- Re: Temporary Files and Web Sites (swp, ~, etc) Nicob (Aug 12)
- Re: Temporary Files and Web Sites (swp, ~, etc) michael williamson (Aug 12)
- RE: Temporary Files and Web Sites (swp, ~, etc) Aditya, ALD [Aditya Lalit Deshmukh] (Aug 12)