Sunday, September 27, 2015

Don't post your log on screen @ web page

Programmers love to display logs on the page they are working on while developing it. Normally, when they release the page or site, there are always pages where they forgot to disable or remove the log. When this happens, they are actually opening a small window for cyber threats and hackers.

Take, for example, the website below.

The site shows the IP address, the type of database and the path used for the database connection. This may be useful for the programmer, but it is a security loophole that can and should be easily avoided.

As advice to programmers: if you need to log, PLEASE log to a file, which should be truncated or replaced (as configured) after no more than a week.
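One way to follow this advice, as an added example that is not from the original post: the connection details go to a log file rotated daily and kept for about a week, while the page shows only a generic message with a reference ID. Python is an assumption (the post names no language), and `build_logger`, `connect_db`, `render_page`, `demo` and the sample host and path are hypothetical.

```python
import logging
import logging.handlers
import os
import tempfile
import uuid

def build_logger(log_path):
    """File-only logger: rotates daily, keeps 6 old files (about one week in total)."""
    logger = logging.getLogger("app.db")
    logger.setLevel(logging.INFO)
    logger.propagate = False  # never bubble up to a console or page handler
    for old in list(logger.handlers):
        logger.removeHandler(old)
    handler = logging.handlers.TimedRotatingFileHandler(
        log_path, when="D", interval=1, backupCount=6, encoding="utf-8")
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger

def connect_db(host, db_type, path):
    # Constructed stand-in for a real driver call; it always fails for the demo.
    raise ConnectionError(f"cannot connect to {db_type} at {host} using {path}")

def render_page(logger, host, db_type, path):
    """Return page HTML; on failure the details go to the log, not the page."""
    try:
        connect_db(host, db_type, path)
        return "<p>OK</p>"
    except ConnectionError:
        ref = uuid.uuid4().hex[:8]  # lets support match the page to the log entry
        logger.exception("db connect failed ref=%s host=%s type=%s path=%s",
                         ref, host, db_type, path)
        return f"<p>Something went wrong. Reference: {ref}</p>"

def demo():
    """Run one failing request against a temp log file; return (html, log_text)."""
    with tempfile.TemporaryDirectory() as tmp:
        log_path = os.path.join(tmp, "app.log")
        logger = build_logger(log_path)
        # Constructed sample values (192.0.2.0/24 is a documentation range).
        html = render_page(logger, "192.0.2.10", "mysql", "/srv/app/db.conf")
        for handler in logger.handlers:
            handler.close()
        with open(log_path, encoding="utf-8") as fh:
            return html, fh.read()

if __name__ == "__main__":
    print(demo()[0])
```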

p/s: I'm also a programmer with security interest :)

