
Talk:Top 10 2007-Information Leakage and Improper Error Handling

Revision as of 19:24, 11 September 2007 by Wurzlsepp


Hi all,

There are several other sources of information leaks. One of the most common sources is exposing the source code in web folders. This normally happens when developers are let into a productive environment (normally a bad idea :-). They then do something silly like "cp mydatabaseconnection.java to mydatabaseconnection.java.bak", do some quick fixes and forget to delete the security copy, which is now accessible via the web. And alas, after the next time Google comes by, your db password can even be googled.

If you guys out there feel the need for it, I could do some text about other sources of information leakage.

greets wurzlsepp
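
A check for the leftover copies described in the post above, as an added example that is not part of the original post: it walks a web folder, reports backup copies of source files, and notes whether a copy appears to contain a password assignment. The suffix and extension lists, the function names and the sample folder are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Suffixes left behind by ad-hoc copies and editors (assumed list; extend for your environment).
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", "~")
# Source/config extensions that should never be served as plain text (assumed list).
SOURCE_EXTS = (".java", ".jsp", ".php", ".asp", ".aspx", ".inc", ".properties")
# Rough hint that the copy holds a credential, e.g. a db password assignment.
SECRET_HINT = re.compile(rb"(?i)(password|passwd|pwd)\w*\s*[=:]")


def find_backup_copies(web_root):
    """Return sorted (relative_path, has_secret_hint) for backup copies of source files."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            lower = name.lower()
            suffix = next((s for s in BACKUP_SUFFIXES if lower.endswith(s)), None)
            if suffix is None or not lower[: -len(suffix)].endswith(SOURCE_EXTS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    hint = bool(SECRET_HINT.search(fh.read(65536)))
            except OSError:
                hint = False  # unreadable file: still report the leftover copy
            findings.append((os.path.relpath(path, web_root).replace(os.sep, "/"), hint))
    return sorted(findings)


def build_sample_root():
    """Create a constructed sample web folder (not real data) and return its path."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "db"))
    samples = {
        "index.jsp": "<html></html>",
        "db/mydatabaseconnection.java": 'String dbPassword = "example";',
        "db/mydatabaseconnection.java.bak": 'String dbPassword = "example";',
        "login.jsp~": "<% // old login page %>",
        "notes.bak": "not a source file copy",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, hint in find_backup_copies(build_sample_root()):
        print(f"{rel}  credential-hint={hint}")
```

Run against your own document root as part of a deployment check, so that a leftover copy fails the release before it is ever served.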