There's an extremly limited security issue that will display the physical path to your database (including database name). If your database is inaccessable for any reason, (such as during making a backup of it, etc.), then the forum code will display:
Microsoft JET Database Engine error '80004005'
Could not find file 'x:\xxxx\xxxx\xxxx.xxx\xxxx\databasename'.
/forum/inc_top.asp, line 75
where the databasename is what you named the database and the x's are the exact path to it. Is it possible to make it display a "database path is incorrect" message or something else. I know the chances are extremly rare of catching the error will the file is being backed up, etc., but it still poses a security hazard.
EDIT:I'm noticing this with 3.3.03 as I'm getting ready to upgrade, but I'm sure it'll affect 3.4 too.
Topic Locked
Posted - 01 September 2002 : 17:47:42
