Advanced search  


cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.

Pages: [1]   Go Down

Author Topic: Connection error shows DB user name  (Read 2228 times)

0 Members and 1 Guest are viewing this topic.


  • Coppermine novice
  • *
  • Country: 00
  • Offline Offline
  • Posts: 31
    • My Coppermine Album
Connection error shows DB user name
« on: May 13, 2012, 03:18:46 pm »

I had changed a MySQL password and not updated the config file. When I went to the album home page, I was shown a "connection failed" error message which also repeated the complete error message from the server, which includes the user name. Something like "Server said, 'Connection failed for user XXX on database YYY.' "

I thought displaying MySQL error messages was a huge security risk. The general public doesn't need to know the username and database name, and the site admin already knows those things.

Where can I fix this? I bet these messages get displayed if the password server crashes, too, and maybe at other times.
My album:  www dot largiader dot com slash album


  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Connection error shows DB user name
« Reply #1 on: May 14, 2012, 12:32:25 pm »

the site admin already knows those things
Well, if you want to change that behavior, just edit the following line in include/
Code: [Select]
die('<strong>Coppermine critical error</strong>:<br />Unable to connect to database !<br /><br />MySQL said: <strong>' . mysql_error() . '</strong>');
Pages: [1]   Go Up

Page created in 0.018 seconds with 20 queries.