Socorro UI: database connection problem reveals database password to all

RESOLVED WONTFIX

Status

Socorro
General
--
major
RESOLVED WONTFIX
9 years ago
6 years ago

People

(Reporter: lars, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

9 years ago
Created attachment 367874 [details]
screen capture of SocorroUI showing the database password in plain text

granted there was a misconfiguration, but when connecting to the database, there should be a zero percent chance that a failure to connect should hand a password out to the public...

Comment 1

9 years ago
Was this file in production changed recently?

webapp-php/application/config/config.php

It is not under source control. I will try to repro issue to confirm that this file is what triggers this behavior.

Comment 2

9 years ago
Please get a copy of production webapp-php/application/config/config.php

Which will have settings including:
$config['display_errors'] = FALSE;

which is an important part of a prod Kohana app.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WONTFIX
This can't happen in prod because debugging is disabled (errors don't appear). 
So I'm not sure this is a bug?
Damn... mid-aired.
(Assignee)

Updated

6 years ago
Component: Socorro → General
Product: Webtools → Socorro
You need to log in before you can comment on or make changes to this bug.