Information Leakage
Information Leakage is when a web site reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system. Sensitive information may be present within HTML comments, error messages, source code, or simply left in plain sight.
A "feature" in eDeveloper known as the "cyan screens" falls into this category: it reveals application names, program names and, in case of an error, some more information. Fortunately it does not reveal any database information (table names, column names, SQL, ...), which is the information people trying to attack a server by means of SQL injection are looking for.
Also in plain sight is the content of the Magic script directories (cgi-bin / Magic94Scripts / ... ) after a default Magic installation, which grants read access to these directories by default. You should change the permissions for these directories to "execute" only. There is no need for anybody to see what you have in your mgreq.ini.
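One way to confirm the permission change took effect on your own server, as an added example that is not part of the original page or of the Magic product: it requests mgreq.ini from each script directory named above and reports any that still serve it. The function names, the base URL and the assumption that the file uses ordinary INI syntax are illustrative, and the sample response is constructed.

```python
import re
import urllib.error
import urllib.request

# Directory and file names are the ones the page mentions; everything else
# (function names, the base URL you pass in) is illustrative.
SCRIPT_DIRS = ("cgi-bin", "Magic94Scripts")
INI_NAME = "mgreq.ini"
SECTION = re.compile(r"^\s*\[[^\]\r\n]+\]\s*$", re.M)
KEY_VALUE = re.compile(r"^\s*[\w.]+\s*=", re.M)


def http_get(url, timeout=5):
    """GET url and return (status, text); status is None if unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("latin-1")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except OSError:  # URLError is a subclass: DNS failure, refused, timeout
        return None, ""


def looks_like_ini(body):
    """Assumption: the file uses ordinary INI syntax ([section], key = value)."""
    return bool(SECTION.search(body) and KEY_VALUE.search(body))


def audit(base_url, fetch=http_get):
    """Return (url, finding) pairs for script directories that still allow read."""
    findings = []
    for directory in SCRIPT_DIRS:
        url = f"{base_url.rstrip('/')}/{directory}/{INI_NAME}"
        status, body = fetch(url)
        if status == 200 and looks_like_ini(body):
            findings.append((url, "config file is readable by clients"))
        elif status == 200:
            findings.append((url, "HTTP 200 but not INI-like; inspect manually"))
    return findings


if __name__ == "__main__":
    # Constructed responses, so the demo runs offline: one directory still
    # grants read access, the other has been restricted.
    def fake_fetch(url):
        if "/Magic94Scripts/" in url:
            return 200, "[SampleSection]\nSampleKey = sample-value\n"
        return 403, ""

    for url, finding in audit("http://localhost", fetch=fake_fetch):
        print(f"{finding}: {url}")
```

Call `audit("http://your-server")` without the `fetch` argument to run the check against a live installation you administer; an empty result means neither directory returned the file.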
...