Hi guys,
I just want to rant for a moment about the dangers of leaving sensitive data lying around.
I don't have access to the mods forum anymore so thought I would just raise this issue in
the public forums. Not sure whether here is the most appropriate area or if the security
forum would be more suitable.
I think there are a few too many posts with path info, especially where the domain name forms part of the path:
/usr/clients/www.somedomain.com/joomla/
The combination of domain name, server paths, and software running on the server (often with version info)
is enough to give a hacker a good head start on probing a system. Posts with full configuration.php files - and
I have seen at least one with database usernames, passwords, hosts etc on full display - complete with livesite
variable - is just asking for trouble.
If we are not careful this support forum could be the single largest repository for those wishing to compromise Joomla users.
I know I am ranting a bit, and I know I am preaching to the converted, I would just like to nudge the
mods to gently remind users of the dangers. Might it even be an idea to add something to the rules
about not posting too much data, or perhaps making a sticky on the subject - if there isn't one already.
Dean
People displaying far too much info in messages
- DeanMarshall
- Joomla! Apprentice
- Posts: 46
- Joined: Fri Aug 19, 2005 2:26 am
- Location: Lancaster, Lancashire, United Kingdom
Dean Marshall - http://www.deanmarshall.co.uk/
Mambo and Joomla Consultant
Add an Amazon Store to your site: http://www.Project-TinA.com/ (coming soon)
Re: People displaying far too much info in messages
Ur right!
There are 10 types of people in the world...
...those who understand binary and those who don't.
Re: People displaying far too much info in messages
I totally agree. Do you think it would be possible to have a warning just above the submit button of the forums telling people that sensitive information such as your livesite variable server configuration could be placing your website and its server in jeopardy and all care should be taken to ensure that this information is hidden (you wouldn't stick your email, address and full name up here would you?)