True, but at least it doesn't show the username and password, mostly because
they were smart and kept it in the application.cfm or something... but the
fact that the debugger shows that to the public is an issue, if someone for
example wasn't as smart and hardcoded those values in the cfquery tag... 

> -----Original Message-----
> From: Dave Watts [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 02, 2006 12:04 PM
> To: CF-Talk
> Subject: Information leakage (was: RE: Ralio (was Re: Bluedragon 6.1))
> 
> > You're right, they should have set up better error messages,
> > but there isn't anything really useful that you can glean
> > from this error message...
> 
> That's not entirely true. The error message indicates file paths, and that
> they're using JDBC and MySQL. That's none of our business, and along with
> other information may indicate potential attack paths.
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> 
> Fig Leaf Software provides the highest caliber vendor-authorized
> instruction at our training centers in Washington DC, Atlanta,
> Chicago, Baltimore, Northern Virginia, or on-site at your location.
> Visit http://training.figleaf.com/ for more information!
> 
> 
> 
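
The scenario raised in this thread, credentials hardcoded in a `cfquery` tag and then exposed by public debug output, can be checked for in source before deployment. The following is an added example, not code from the thread or from any project mentioned in it; the function name, file name and sample template are constructed for illustration.

```python
import re

# Opening <cfquery ...> tag only; quoted values may span lines or contain '>'.
# The \b keeps <cfqueryparam> from matching.
CFQUERY_TAG = re.compile(
    r"""<cfquery\b((?:"[^"]*"|'[^']*'|[^>"'])*)>""", re.IGNORECASE)
# name="value", name='value' or name=value
ATTRIBUTE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
# A #...# expression means the value is resolved at runtime, not hardcoded.
# Assumption: a literal secret containing an escaped '##' is out of scope here.
CF_EXPRESSION = re.compile(r"#[^#]+#")
SENSITIVE = {"username", "password"}


def find_hardcoded_credentials(source, filename="<memory>"):
    """Return (filename, line, attribute) for each literal credential
    attribute on a cfquery tag. The secret value itself is never returned."""
    findings = []
    for tag in CFQUERY_TAG.finditer(source):
        line = source.count("\n", 0, tag.start()) + 1
        for attr in ATTRIBUTE.finditer(tag.group(1)):
            name = attr.group(1).lower()
            value = next(g for g in attr.groups()[1:] if g is not None)
            if name in SENSITIVE and value and not CF_EXPRESSION.search(value):
                findings.append((filename, line, name))
    return findings


# Constructed sample template: the first query reads its credentials from
# application scope, the second hardcodes them in the tag.
SAMPLE = '''<cfquery name="getUsers" datasource="#application.dsn#"
         username="#application.dbUser#" password="#application.dbPass#">
  SELECT id FROM users
</cfquery>

<cfquery name="getOrders" datasource="shop"
         username="shop_rw" password="EXAMPLE-ONLY">
  SELECT id FROM orders WHERE note = 'password="x"'
</cfquery>
'''

if __name__ == "__main__":
    for fname, line, attr in find_hardcoded_credentials(SAMPLE, "sample.cfm"):
        print(f"{fname}:{line}: literal {attr} attribute on cfquery")
```

Only attributes on the opening tag are inspected, so SQL text that happens to contain `password=` is not reported.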
