Menu

#3889 (ok 4.1.6) When login fails and error display is active, login data is displayed

4.1.5
fixed
Marc Delisle
None
1
2014-01-26
2013-04-26
J.M. Rütter
No

Hide hosts, usernames and passwords when displaying calls to *_connect functions in the backtrace. Otherwise sensitive login data may get exposed to people connecting to PMA after the configured MySQL server goes back online after being offline. Minor, as backtraces are hidden per default.

Discussion

  • Marc Delisle

    Marc Delisle - 2013-05-14
    • Status: open-fixed --> closed-fixed
     

  • Michal Čihař

    Michal Čihař - 2013-06-11
    • Status: closed-fixed --> fixed
     

  • azurIt

    azurIt - 2014-01-24

    This should be reopened as login data are exposed again.

     

  • Marc Delisle

    Marc Delisle - 2014-01-24
    • summary: (ok 4.0.1) When login fails and error display is active, login data is displayed --> When login fails and error display is active, login data is displayed
    • status: fixed --> open
    • assigned_to: Ann + J.M. --> Marc Delisle
    • Group: 4.0.0 --> 4.1.5
     

  • Marc Delisle

    Marc Delisle - 2014-01-24
    • summary: When login fails and error display is active, login data is displayed --> (ok 4.1.6) When login fails and error display is active, login data is displayed
    • status: open --> resolved
     

  • azurIt

    azurIt - 2014-01-24

    fixed, thank you

     

  • Marc Delisle

    Marc Delisle - 2014-01-26
    • Status: resolved --> fixed