[Bug 874] New - Mysql password displayed in error messages to users
bugs@bugs.horde.org
bugs@bugs.horde.org
Tue, 12 Feb 2002 11:08:02 -0400
http://bugs.horde.org/show_bug.cgi?id=874
*** shadow/874 Tue Feb 12 11:08:02 2002
--- shadow/874.tmp.3511 Tue Feb 12 11:08:02 2002
***************
*** 0 ****
--- 1,53 ----
+ Bug#: 874
+ Product: Horde
+ Version: 2.0 Stable
+ Platform: MSIE 5
+ OS/Version: Linux
+ Status: NEW
+ Resolution:
+ Severity: normal
+ Priority: P2
+ Component: IMP
+ Area: BUILD
+ AssignedTo: chuck@horde.org
+ ReportedBy: ron@imperators.ca
+ URL:
+ Cc: ron@imperators.ca
+ Summary: Mysql password displayed in error messages to users
+
+ I have a horde installation that uses IMP's IMAP setting for authentication.
+ When I log in, if there is a problem accessing the database server, the error
+ message below is displayed:
+
+ A fatal error has occurred
+ object(db_error)(7) {
+ ["error_message_prefix"]=>
+ string(0) ""
+ ["mode"]=>
+ int(1)
+ ["level"]=>
+ int(1024)
+ ["code"]=>
+ int(-25)
+ ["message"]=>
+ string(29) "DB Error: extension not found"
+ ["userinfo"]=>
+ array(6) {
+ ["phptype"]=>
+ string(5) "mysql"
+ ["hostspec"]=>
+ string(21) "xxxxxxxxxxxxxxx.xxxx.com"
+ ["username"]=>
+ string(8) "hordemgr"
+ ["password"]=>
+ string(9) "xxxxxxxx"
+ ["database"]=>
+ string(7) "horde20"
+ ["table"]=>
+ string(11) "horde_prefs"
+
+ The bug is that it displays the mysql password to the users, who shouldn't get
+ that information.
+
+ Ron Nessim
+ ron@imperators.ca