Heard about this from the <http://www.cfhour.com>cfhour podcast so it's
in the wild. I'm emailing Laura on this as well, but it may take some
time for an update to fix this can get released.
Basically, MangoBlog logs certain errors into *.htm files in
blog\components\utilities\logs. Since they are html files they are
directly accessible for the world to see. If you are using MangoBlog,
you will want to modify the logMessage method inside
blog\components\utilities\Logger.cfc to point either to a protected area
or to turn this logic off. Hopefully, an update to MangoBlog will allow
for control of this functionality from the admin. I blogged about this
at
http://www.codfusion.com/blog/post.cfm/error-logs-are-exposed-in-mangoblog
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
