Hi again, it appears that this did not fix the problem. He's still
gaining database access.

I've changed my core.php debug to 0. I also changed the password of my
database. I've checked my server to make sure it's not displaying PHP
errors. I'm using the security component. I'm on Cake 1.3.10. I'm in
the process of upgrading my cake folder to 1.3.11 right now.

But yet, even after these changes this person has again somehow gotten
access to my database. He's inserting users with all fields of the
user table set to NULL and marking himself as a premium member (it's one
of my fields in the user table). He doesn't give himself a username or
password so he can't actually log in and abuse my system. He's just
got access to my database somehow.

I'm not sure how to figure out how he's doing this. Does anyone have
any ideas? If you need me to paste some code please let me know and
I'll provide it, as I'm not sure where the error might lie.

Thanks for any help.

On Aug 13, 8:57 am, euromark <[email protected]> wrote:
> yes, with security component this is not possible.
> but ceeram is right about the password displayed.
>
> On 13 Aug., 01:13, andrewperk <[email protected]> wrote:
>
> > The username and password is specific to just that database luckily.
> > I've changed the information. Thanks Ceeram.
>
> > On Aug 12, 3:51 pm, Ceeram <[email protected]> wrote:
>
> > > with debug on, and there is an error with db connection, it will show db
> > > login credentials (this is changed in latest versions), so they probably
> > > accessed the db itself, is the user allowed for all hosts on the db or
> > > just local?
