Stacktrace with database password is shown when database is not available #11325

Closed
ndecker opened this issue Sep 26, 2014 · 5 comments

ndecker commented Sep 26, 2014

In ownCloud 7.0.2, a stack trace is shown when no connection to the database could be opened. The stack trace contains (part of) the database password:

[2002] SQLSTATE[HY000] [2002] No such file or directory

#0 /usr/share/php/Doctrine/DBAL/Driver/PDOConnection.php(40): PDO->__construct('mysql:host=loca...', 'owncloud', 'database password...', Array)
#1 /usr/share/php/Doctrine/DBAL/Driver/PDOMySql/Driver.php(41): Doctrine\DBAL\Driver\PDOConnection->__construct('mysql:host=loca...', 'owncloud', 'database password...', Array)
#2 /usr/share/php/Doctrine/DBAL/Connection.php(356): Doctrine\DBAL\Driver\PDOMySql\Driver->connect(Array, 'owncloud', 'database password...', Array)
#3 /usr/share/php/Doctrine/DBAL/Connection.php(680): Doctrine\DBAL\Connection->connect()
#4 /usr/share/owncloud/lib/private/db/connection.php(107): Doctrine\DBAL\Connection->executeQuery('SELECT `configv...', Array, Array, NULL)
#5 /usr/share/owncloud/lib/private/appconfig.php(259): OC\DB\Connection->executeQuery('SELECT `configv...', Array)
#6 /usr/share/owncloud/lib/private/app.php(184): OC\AppConfig->getValues(false, 'enabled')
#7 /usr/share/owncloud/lib/private/app.php(69): OC_App::getEnabledApps()
#8 /usr/share/owncloud/lib/base.php(515): OC_App::loadApps(Array)
#9 /usr/share/owncloud/lib/base.php(1012): OC::init()
#10 /usr/share/owncloud/index.php(26): require_once('/usr/share/ownc...')
#11 {main}

ghost commented Sep 26, 2014

Is this shown in your browser? If yes, disable show errors (can't remember the exact config option atm) in your php.ini, which should be standard in a productive environment anyway.


ndecker commented Sep 27, 2014

It is shown in the browser for every requested page, even if not logged in. display_errors in php.ini is switched off.

The error seems to be caught in index.php and rendered by core/templates/error.php

To reproduce, I just stopped mariadb and reloaded the owncloud page.
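
The catch-and-render path described in the comment above, as an added example that is not part of the original thread and is not ownCloud's code: the handler builds its trace from `getTrace()` without ever reading the `args` key, logs it under a reference id, and sends the browser only that id. It assumes PHP 7 or later; `traceWithoutArguments`, `connectToDatabase` and the sample credentials are hypothetical names and constructed values.

```php
<?php
declare(strict_types=1);

/**
 * Build a stack trace listing from an exception WITHOUT call arguments.
 * Exception::getTraceAsString() embeds truncated argument values, which is
 * how part of the PDO password reached the error page in the report above.
 */
function traceWithoutArguments(Throwable $e): string
{
    $lines = [];
    foreach ($e->getTrace() as $i => $frame) {
        $where = isset($frame['file'])
            ? $frame['file'] . '(' . $frame['line'] . ')'
            : '[internal function]';
        $call = ($frame['class'] ?? '') . ($frame['type'] ?? '') . $frame['function'];
        $lines[] = "#$i $where: $call()"; // the 'args' key is never read
    }
    $lines[] = '#' . count($lines) . ' {main}';
    return implode("\n", $lines);
}

/** Hypothetical stand-in for the failing connection attempt. */
function connectToDatabase(string $dsn, string $user, string $password): void
{
    throw new RuntimeException('SQLSTATE[HY000] [2002] No such file or directory');
}

try {
    // Constructed sample credentials.
    connectToDatabase('mysql:host=localhost', 'owncloud', 'constructed-secret');
} catch (Throwable $e) {
    // Detail goes to the server log under a random reference id ...
    $ref = bin2hex(random_bytes(4));
    error_log("[$ref] " . get_class($e) . ': ' . $e->getMessage()
        . "\n" . traceWithoutArguments($e));
    // ... and the client sees only the reference, never the trace.
    http_response_code(503);
    echo "Service temporarily unavailable. Reference: $ref\n";
}
```

PHP 7.4 and later also provide the `zend.exception_ignore_args` ini setting, which omits arguments from exception traces engine-wide, and PHP 8.2 adds the `#[\SensitiveParameter]` attribute for redacting individual parameters.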


ghost commented Sep 27, 2014

Hi,

confirmed this behavior. @karlitschek Seems to me more like a security issue than an Enhancement.

@LukasReschke
Member

I propose backporting #11019

@LukasReschke
Member

Will be fixed with the next oC 7 and oC 8 release.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 14, 2019