Connection error shows DB user name Connection error shows DB user name
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Connection error shows DB user name

Started by AntonLargiader, May 13, 2012, 03:18:46 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

AntonLargiader

I had changed a MySQL password and not updated the config file. When I went to the album home page, I was shown a "connection failed" error message which also repeated the complete error message from the server, which includes the user name. Something like "Server said, 'Connection failed for user XXX on database YYY.' "

I thought displaying MySQL error messages was a huge security risk. The general public doesn't need to know the username and database name, and the site admin already knows those things.

Where can I fix this? I bet these messages get displayed if the password server crashes, too, and maybe at other times.
My album:  www dot largiader dot com slash album

ΑndrĂ©

Quote from: AntonLargiader on May 13, 2012, 03:18:46 PM
the site admin already knows those things
Well, if you want to change that behavior, just edit the following line in include/init.inc.php:
die('<strong>Coppermine critical error</strong>:<br />Unable to connect to database !<br /><br />MySQL said: <strong>' . mysql_error() . '</strong>');