Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Connection error shows DB user name  (Read 2227 times)

0 Members and 1 Guest are viewing this topic.

AntonLargiader

  • Coppermine novice
  • *
  • Country: 00
  • Offline Offline
  • Posts: 31
    • My Coppermine Album
Connection error shows DB user name
« on: May 13, 2012, 03:18:46 pm »

I had changed a MySQL password and not updated the config file. When I went to the album home page, I was shown a "connection failed" error message which also repeated the complete error message from the server, which includes the user name. Something like "Server said, 'Connection failed for user XXX on database YYY.' "

I thought displaying MySQL error messages was a huge security risk. The general public doesn't need to know the username and database name, and the site admin already knows those things.

Where can I fix this? I bet these messages get displayed if the password server crashes, too, and maybe at other times.
Logged
My album:  www dot largiader dot com slash album

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Connection error shows DB user name
« Reply #1 on: May 14, 2012, 12:32:25 pm »

the site admin already knows those things
Well, if you want to change that behavior, just edit the following line in include/init.inc.php:
Code: [Select]
die('<strong>Coppermine critical error</strong>:<br />Unable to connect to database !<br /><br />MySQL said: <strong>' . mysql_error() . '</strong>');
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 19 queries.