[horde] MySQL password being exposed

Torsten Krah tkrah at fachschaft.imn.htwk-leipzig.de
Thu Mar 23 01:32:29 PST 2006


As fix in the meantime, dont let php display errors, instead only log
them.
The logfile shoult only be root readable, so untrusted users which have
shell access cant see anything.

kind regards

Torsten

Am Donnerstag, den 23.03.2006, 09:17 +0000 schrieb Frank Costanza:
> Hi,
>  
>  Horde is displaying the data structure listed below, which includes the cleartext MySQL database password.  This error happens when a user attempts to login while the database is not accessable.  As my users are untrusted, I don't want to risk exposing the MySQL database password.  
>  
>  How can I prevent Horde displaying this data structure?
>  
>  I'm running Horde 3.1, IMP 4.1 with Apache 1.3.34 and PHP 5.1.2
>  
>  ----- cut -----
>  A fatal error has occurred
>  
>  DB Error: connect failed
>  
>  [line 388 of /usr/local/horde/lib/Horde/Prefs/sql.php]
>  
>  Details (also in Horde's logfile):
>  
>  object(DB_Error)#11 (8) {
>    ["error_message_prefix"]=>
>    string(0) ""
>    ["mode"]=>
>    int(1)
>    ["level"]=>
>    int(1024)
>    ["code"]=>
>    int(-24)
>    ["message"]=>
>    string(24) "DB Error: connect failed"
>    ["userinfo"]=>
>  
>  ......
>  
>  ----- cut -----
>  
> 
> 
> 
> 
> 		
> ---------------------------------
> Win a BlackBerry device from O2 with Yahoo!. Enter now.



More information about the horde mailing list