Security hole????

[Guest]

I have just installed todays snapshot on a shared server that I also have an October snapshot on, on a different domain and separate account. I did this to test the new snapshot in hopes of transferring it and replacing the old one after it's tested, due to too many problems that apparently are fixed in the November snapshots.

When I went in to make changes to configure.php, the other accounts' database info, username and password were in there! (// define our database connection)

Both carts have different usernames, passwords, and database names.

 

Someone please tell me how this can happen, and what I can do to fix it... if I can see this info, so can anyone else on this server... and I'm not the only one using this hosting that uses OsC.

 

Violet

[Ajeh]

Are you sure you did not copy your old configure.php files over there?

[Guest]

Hi Linda,

 

No, I did a fresh download from OsC then zipped it and uploaded to the server, and was just starting to put in the new Paypal IPN in when I noticed it. I'm not even on the same computer as where my other files are stored.

 

 

Thanks,

Violet

[Guest]

OK, now I feel like a moron. It looks like it's a server problem!

For some reason the server is confusing the two accounts! YIKES!

Sorry for setting off any alarm bells.

 

I'm off to find out why / how the server did it :(

 

Violet