#3889 (ok 4.1.6) When login fails and error display is active, login data is displayed

4.1.5
fixed
Marc Delisle
None
1
2014-01-26
2013-04-26
Ann + J.M.
No

Hide hosts, usernames and passwords when displaying calls to *_connect functions in the backtrace. Otherwise sensitive login data may get exposed to people connecting to PMA after the configured MySQL server goes back online after being offline. Minor, as backtraces are hidden per default.

Discussion

  • Marc Delisle
    Marc Delisle
    2013-05-14

    • Status: open-fixed --> closed-fixed
     
  • Michal Čihař
    Michal Čihař
    2013-06-11

    • Status: closed-fixed --> fixed
     
  • azurIt
    azurIt
    2014-01-24

    This should be reopened as login data are exposed again.

     
  • Marc Delisle
    Marc Delisle
    2014-01-24

    • summary: (ok 4.0.1) When login fails and error display is active, login data is displayed --> When login fails and error display is active, login data is displayed
    • status: fixed --> open
    • assigned_to: Ann + J.M. --> Marc Delisle
    • Group: 4.0.0 --> 4.1.5
     
  • Marc Delisle
    Marc Delisle
    2014-01-24

    • summary: When login fails and error display is active, login data is displayed --> (ok 4.1.6) When login fails and error display is active, login data is displayed
    • status: open --> resolved
     
  • azurIt
    azurIt
    2014-01-24

    fixed, thank you

     
  • Marc Delisle
    Marc Delisle
    2014-01-26

    • Status: resolved --> fixed