Guest IPS News
November 1, 2006 in Feedback
What I don't understand is if this is a security problem, why does this site have debug mode on and most other sites i go to, I see it as on. And to me personally it has no value to just use it every once in a while. I like seeing hw the times change, where I know better when to tell my host things are slower than normal.
This site does not have the debug mode on, it has the debug level set to 1. It's more important that set the debug mode to off than you set the debug level to 0.
Oh, ok. Although it does still suggest changing it to level 0....
Yeah, I'm not sure why though, setting the debug mode to No seems to be sufficient.
What exactly "is" debug mode? I always just glanced past it as needing to be set to ON for debug level 1 to show. I didn't realize it was something different.
If you have debug level set to show sql queries at the bottom of the page, the same vulnerabilities still exist. So set the debug level low enough that SQL queries don't show on the page.
Well I have it at 1, so it doesn't show those. ANy that would be shown when they click on the query count are too general to harm aren't they? They are just telling table names which things are selected from. But who knows.... I would like to keep it on level 1, but obviously only if it is not a vulnerability.
Nevermind. I see now, when debug mode is turned off, clicking the query count wont even show the queries.
debug level set to 1 would be a problem?
No, that should not be a problem whatsoever. I don't know why it said change it to 0. It appears to me that the only info they get by it being at level 1 is the NUMBER of queries. So I sure don't see how that can be any problem.
Ok, there appears to be some confusion here.
Enable SQL Debug Mode
Debug levelThis controls the debug information shown at the footer of your board.
This controls the debug information shown at the footer of your board.
I think this exploit was used ti crack a norwegian board yesterday. Damn jerks that do this...
It's not really an exploit so much. By leaving debug modes enabled, the software will politely report all the information to and from the database and such. All you have to do is view this information and possibly use it in a way that you should not.More a case of knowing information you should not know.
yeah i got hacked last night, dunno if it was this but somebody requested a password reminder email on my admin username email to be sent, and somehow managed to get in, change my Password and delete all my forums! FFrrys was the groups name
Nobody ever said this issue was quite risky to the extent premature jerks can have admin access anytime they like! >.<
While the SQL Debug tool is very useful, leaving it enabled when not in use poses a significant security risk. By design, the tool displays all data passing between our software and your database and therefore a malicious user could view potentially sensitive data and use that data to gain unauthorized access.
please tell me ..I use ipb forum 2.1.7and I make back up...but I don"t know how install that file???my back up is save on my pc..and what I can do with this fileIm a newbie...you see...I know install or upload skin on forum..but back up...no,no,no and noplease tel me like a stupid girl...that I am :blush: step by stepths
Please submit a ticket at http://invisionpower.com/customer for support.
This topic is now archived and is closed to further replies.
Started Saturday at 07:56 PM
Started February 26
Started 40 minutes ago