View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003655 | OXID eShop (all versions) | 4.07. Source code, Test | public | 2012-03-01 12:54 | 2012-12-18 14:21 |
Reporter | stefan2 | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | won't fix | ||
Product Version | 4.5.8 revision 42471 | ||||
Target Version | 4.6.6 revision 54646 | ||||
Summary | 0003655: ADODB_Exception: Stack trace shows user/pass for database connection | ||||
Description | If the database is not accessible, the stack trace shows the whole connection data. That's security relevant and should not be shown. #2 /path/core/oxdb.php(158): ADOConnection->Connect('HOST', 'USER', 'PASS', 'DATABASE') | ||||
Tags | No tags attached. | ||||
Theme | Both | ||||
Browser | All | ||||
PHP Version | any | ||||
Database Version | any | ||||
has duplicate | 0004949 | resolved | Linas Kukulskis | ADODB_Exception reveals ALL database access codes |

The error occurs only when eShop debug mode is ON. When debug mode is OFF ($this->iDebug = 0;), it shows only "Shop offline!".

Hi, as mentioned above, this is only shown when the shop is in debug mode, and various information is available in this mode which should not be shown in a working shop. As the password is not shown (it shows * instead of the password, e.g. CONNECT(localhost, 'root', '****', oxid)), we do not see it as a security issue.
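
Added example (not OXID's or ADOdb's code): one way to keep connection arguments out of a rendered stack trace whatever the debug setting, by printing each frame's argument types instead of their values. `connectToDatabase()` and `formatTraceRedacted()` are hypothetical names, the credentials are constructed sample values, and PHP 8.0+ is assumed for `get_debug_type()`.

```php
<?php
// Hypothetical stand-in for the shop's database connect call.
function connectToDatabase(string $host, string $user, string $pass, string $db): void
{
    // Constructed failure, standing in for an unreachable database server.
    throw new RuntimeException('Database connection failed');
}

/**
 * Build a trace listing from getTrace() frames, replacing every argument
 * with its type name so no value (host, user, password) reaches the output.
 */
function formatTraceRedacted(Throwable $e): string
{
    $lines = [];
    foreach ($e->getTrace() as $i => $frame) {
        $args = array_map(
            static fn($arg) => get_debug_type($arg),
            $frame['args'] ?? [] // key is absent when zend.exception_ignore_args=On
        );
        $call = ($frame['class'] ?? '') . ($frame['type'] ?? '') . $frame['function'];
        // basename() also keeps the server's directory layout out of the output.
        $where = isset($frame['file'])
            ? basename($frame['file']) . '(' . $frame['line'] . ')'
            : '[internal function]';
        $lines[] = sprintf('#%d %s: %s(%s)', $i, $where, $call, implode(', ', $args));
    }
    return implode("\n", $lines);
}

try {
    // Constructed sample credentials, not taken from the report.
    connectToDatabase('db.example.test', 'shopuser', 'constructed-secret', 'oxid');
} catch (Throwable $e) {
    // Only the exception class, message and redacted frames are rendered.
    echo get_class($e), ': ', $e->getMessage(), "\n", formatTraceRedacted($e), "\n";
}
```

Setting `zend.exception_ignore_args=On` in php.ini (PHP 7.4+) removes arguments from exception traces at the engine level, which also covers code paths that print `getTraceAsString()` directly.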