Whenever you get any error in Enterprise Magento site, Magento dev team ask you to run sh sacommands.sh from root privilege and this generates something like text.txt or sa_outputs.txt file.
Should I delete it after I submit this file to magento team?
My doubt is if someone gets this file, which is easy to download, hackers will get almost my valuable information of my magento settings.
Question
How much risk is there from easy access to the text.txt files? Should I delete it?
Any diagnostics/debug run on a website that leaves a user downloadable public file should be deleted. You never know what kind of interesting information is left behind. The web server access logs are full of requests for this kind of stuff, often scripted attacks automatically harvest this.
Magento scripted attacks periodically go through checking for changelogs and other files that might leak installed versions and patchlevels.
Where does this file output exist? Is it stored in the web server doc root where it's accessible to anyone with a browser or in a folder under the protected var/ directory so that you have to get it with an SFTP client?
At one time the report stack trace was visible every time Magento crashed and Magento was notorious for being accessed by search engines while in flagrante. It was funny because you could go looking for Google Dorks (specifically search for Magento error pages) and find some pretty interesting information out about websites, things like database credentials which you could immediately start using when the site operators made their MySQL database engine accessible from the web so they could run tools like NAVICAT.
The above security issue is why you now get the famous "There was an error processing your request" message and a numbered file stored in var/report/ where it isn't available to anyone but the site owner using SFTP to retrieve it.
