[Tracker-discuss] [issue172] Traceback exposed in misformed URL
Facundo Batista
metatracker at psf.upfronthosting.co.za
Mon Dec 10 13:34:59 CET 2007
Facundo Batista added the comment:
I think that showing the internal variables and their values on one side, and
the full traceback with directory names and everything on the other, could be
used by bad people to attack the system (I don't know how, but I'm not a cracker).
Even if the information exposed is not so important, what's the harm of not
showing it? Returning a 505, or a "Query bad formed" message should be enough.
Maybe disabling the "debug mode" in the server will do it and minimize the effort.
Anyway, I just wanted to point the issue to you, because maybe it was not a
desired effect. If you consciously want to leave it like this, it's ok to me
(feel free to close the bug).
Thank you!!
_______________________________________________________
Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue172>
_______________________________________________________
More information about the Tracker-discuss
mailing list