PHP :: Bug #34628 :: Showing database's pass in PDOException

Bug #34628

Showing database's pass in PDOException

Submitted:

2005-09-24 14:46 UTC

Modified:

2005-09-24 15:26 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

darkspirit at strefaphp dot net

Assigned:

Status:

Not a bug

Package:

PDO related

PHP Version:

5.1.0RC1

OS:

WindowsXp Home SP2

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	darkspirit at strefaphp dot net
New email:
PHP Version:		OS:

New/Additional Comment:

[2005-09-24 14:46 UTC] darkspirit at strefaphp dot net

Description:
------------
While constructing PDO object and trying to connect with database, in case something goes wrong, an exception is reportted. Everything is ok unless you want to display trace of exception or exception's object. In this case all required information for connecting with database are displayed.

Reproduce code:
---------------
    catch (PDOException $e)
    {
       echo $e -> getTrace();
       echo $e;	
    }

Expected result:
----------------
exception 'PDOException' with message 'SQLSTATE[28000] [1045] Access denied for user: 'root@localhost' (Using password: YES)' in c:\htdocs\opb\opb\includes\main.php:146 Stack trace: #0 c:\htdocs\opb\opb\includes\main.php(146): PDO->__construct('mysql:dbname=op...', 'root', 'password') #1 c:\htdocs\opb\opb\index.php5(30): OPB->execute('index') #2 {main}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-09-24 15:26 UTC] tony2001@php.net

The trace should be used for debugging purposes only.
Password or any other valuable data (like credit card number or SIN) will appear in trace and that's expected since PHP can't guess if a data is valuable or not and considers all the arguments as only arguments.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 22:01:29 2024 UTC