Gossamer Forum: Products: Gossamer Links: Discussions: debugging

May 4, 2005, 1:24 AM

Gypsypup

User (226 posts)

May 4, 2005, 1:24 AM

Post #1 of 11

Shortcut

debugging

Ummmm, Errrrr...
enable debugging and on errors it does show lots of things.
I think showing the world your mysql database username, password and other things is a bit bloody ridiculous.

Come on GT - improve on that a bit...
That is a little over the top.

May 4, 2005, 12:21 PM

brewt

Staff (4101 posts)

May 4, 2005, 12:21 PM

Post #2 of 11

Shortcut

Re: [Gypsypup] debugging In reply to

Debug output from a fatal error does not contain such information for everyone to see. That mysql information is actually in your cookies and it shown because it dumps all the cookies available to the domain.

Adrian

May 4, 2005, 1:40 PM

Gypsypup

User (226 posts)

May 4, 2005, 1:40 PM

Post #3 of 11

Shortcut

Re: [brewt] debugging In reply to

You got that totally wrong.

If as you say that is 'cookie based' - that particular instance. then it is available to anyone who has a cookie from that script. Anyone in my instance who tried to log in as some kind of user.

Please get real and drop the pathetic excuses, this kind of info should not be made public in anyway at all. Play Bob The Builder and fix it.

May 4, 2005, 3:24 PM

Jagerman

Staff (2198 posts)

May 4, 2005, 3:24 PM

Post #4 of 11

Shortcut

Re: [Gypsypup] debugging In reply to

Which section of the output is it that you think should not be shown? Where is the breach of security that you see? If you are talking about information stored in a cookie, that information is already stored on your own computer and won't be visible to anyone else anyway. Gossamer Links does not dump information like database access information, admin access information, etc.

Jason Rhinelander
Gossamer Threads
jason@gossamer-threads.com

May 4, 2005, 4:49 PM

HyperTherm

Enthusiast (928 posts)

May 4, 2005, 4:49 PM

Post #5 of 11

Shortcut

Re: [Jagerman] debugging In reply to

GT::Template::dump dumps the entire Config/Data.pm including the License Number.

Thanks
HyTC
==================================
Mail Me If Contacting Privately Is That Necessary.
==================================

May 4, 2005, 11:30 PM

Gypsypup

User (226 posts)

May 4, 2005, 11:30 PM

Post #6 of 11

Shortcut

Re: [HyperTherm] debugging In reply to

Thank You....

A massive security breach - sorry guys - its real.

May 4, 2005, 11:42 PM

brewt

Staff (4101 posts)

May 4, 2005, 11:42 PM

Post #7 of 11

Shortcut

Re: [HyperTherm] debugging In reply to

That's why you really shouldn't be using <%GT::Template::dump%> or <%DUMP%> on public viewable pages. Always only dump on certain conditions (eg. based on user, or a specific argument being passed in).

Adrian

May 4, 2005, 11:43 PM

brewt

Staff (4101 posts)

May 4, 2005, 11:43 PM

Post #8 of 11

Shortcut

Re: [Gypsypup] debugging In reply to

In Reply To:

A massive security breach - sorry guys - its real.

As we have explained, enabling debugging is not a security breach (other than path disclosure).

Adrian

May 5, 2005, 12:16 AM

Gypsypup

User (226 posts)

May 5, 2005, 12:16 AM

Post #9 of 11

Shortcut

Re: [brewt] debugging In reply to

What you are saying is that two of us are wrong...
You may be looking at a new install.
Mine was a re-install over a re-install over my first links.

That may be the difference -....

May 5, 2005, 12:21 AM

brewt

Staff (4101 posts)

May 5, 2005, 12:21 AM

Post #10 of 11

Shortcut

Re: [Gypsypup] debugging In reply to

Send/PM me a copy of the debug output.

Adrian

May 5, 2005, 12:44 AM

Gypsypup

User (226 posts)

May 5, 2005, 12:44 AM

Post #11 of 11

Shortcut

Re: [brewt] debugging In reply to

You can believe what you like about this next statement..

It isnt doing it a second time. damned if I know. Issue is - there is another person who saw exactly the same thing. Therefore it is real.

Keep an eye on this one.