> I don't think that is good advertising.

I never said it was good advertising, it was a surprise to me to see
how many Active4D sites there are.

> If Active4D throws an error, it
> makes private variables and directory paths public?

By default, yes.

> Could that be a
> security problem?

It could be a security problem if a hacker were somehow able to
figure out the programming logic from a stack trace and then upload a
replacement file. If a hacker can upload files, all security is out
the window anyway. That is a web server security issue, not an
Active4D security issue.

As for seeing variables, they can at most see one line of code.

> Are these cases where the developer has not set up
> custom error pages and so Active4D tells all?

Yes, it is up to the developer to remove the default (developer)
error page in a production environment.

Lest you think Active4D is somehow one big security hole, try this
Google search:

phpinfo

There are about 2 million servers out there showing their complete
php configuration...

Regards,
Aparajita
www.aparajitaworld.com
"If you dare to fail, you are bound to succeed."
- Sri Chinmoy | www.srichinmoylibrary.com