This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Talk:Top 10 2007-Information Leakage and Improper Error Handling
Hi all,
There are several other sources of information leakes. One of the most common source is exposing the source code in web folders. This normally happens when developers are let in to a productive environment (normally a bad idea :-). They then do something silly like "cp mydatabaseconnection.java to mydatabaseconnection.java.bak", do some quick fixes and forget to delete secxurity copy which is now accessible by web. And alas, after the next time google comes by your db password can even be googled.
If you guys out there feel the need for it I could do some text about other sources of information leakage.
greets wurzlsepp