12-03-2016, 12:47 AM
(12-02-2016, 08:56 PM)alphabeta35 Wrote: hi Ben/Shannon
i just received a MySql error as i tried to open this page and the error information also included the plain sql query that is being run. this is very dangerous and is giving valuable information to a hacker who wants to attack the forum software and can lead to personal info being leaked to the attacker, besides many other things.
i am sure there is a way to disable detailed error messages and just give basic error response in forum settings or web server settings. i think that setting should be enabled to maximize security.
Thanks for the heads up. We have it under control.
Subliminal Audio Specialist & Administrator
The scientist has a question to find an answer for. The pseudo-scientist has an answer to find a question for. ~ "Failure is the path of least persistence." - Chinese Fortune Cookie ~ Logic left. Emotion right. But thinking, straight ahead. ~ Sperate supra omnia in valorem. (The value of trust is above all else.) ~ Meowsomeness!
The scientist has a question to find an answer for. The pseudo-scientist has an answer to find a question for. ~ "Failure is the path of least persistence." - Chinese Fortune Cookie ~ Logic left. Emotion right. But thinking, straight ahead. ~ Sperate supra omnia in valorem. (The value of trust is above all else.) ~ Meowsomeness!
