Depending on the configuration, it can be accessed from a remote computer. In this case, it was configured for localhost access, however it is entirely possible that it could be world-accessible.
Right... that's like saying "The root password was strong, however it is entirely possible that it could be an empty string."
Fortunately, someone on the main article did respond that having trace.axd enabled could result in 500 errors dumping a stack trace. That's a much clearer argument for why having tracing enabled is a bad thing.
Fortunately, someone on the main article did respond that having trace.axd enabled could result in 500 errors dumping a stack trace. That's a much clearer argument for why having tracing enabled is a bad thing.