I've been trying to reach
DDC online dictionaries for the last few weeks, but I keep getting the following warnings:
Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'dzongkha'@'jomolhari.druknet.bt' (using password: YES) in/home/dzongkha/public_html/online/config.php on line 2
Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/dzongkha/public_html/online/config.php on line 3
What's going on here? DDC's web server cannot access the back-end database. But in the process, it prints diagnostics ("Access denied for user ...") which I, as a user, should not see. These messages can help an adversary to hack into the system, since now the "bad guy" has information about the database server and the username. The web server should not print these messages. A webmaster can easily turn off diagnostic messages in the production system. In addition, it is highly advisable to employ a monitoring mechanism which will periodically check that the web server is functioning correctly.
What's going on here? DDC's web server cannot access the back-end database. But in the process, it prints diagnostics ("Access denied for user ...") which I, as a user, should not see. These messages can help an adversary to hack into the system, since now the "bad guy" has information about the database server and the username. The web server should not print these messages. A webmaster can easily turn off diagnostic messages in the production system. In addition, it is highly advisable to employ a monitoring mechanism which will periodically check that the web server is functioning correctly.
No comments:
Post a Comment
We love to hear from our readers!
Comments are reviewed before being published, so it might take a few hours before you see your comments posted.
Note: Only a member of this blog may post a comment.