#63 ✓resolved
Josh Martin

[PATCH] Connection Errors Display Sensitive Information

Reported by Josh Martin | November 17th, 2007 @ 09:18 PM

Throughout the DataObject system, when a connection fails the entire connection string is displayed including authentication information. This information should not be available or logged as a security measure.

When using some frameworks (such as merb) in development mode this information is displayed on the web page.

Comments and changes to this ticket

  • Sam Smoot

    Sam Smoot December 5th, 2007 @ 01:49 PM

    • Assigned user set to “Yehuda Katz”
    • State changed from “new” to “open”

    Josh, DataObjects is a separate project now with it's own Trac. Not sure how wycats wants to handle this?

  • Sam Smoot

    Sam Smoot December 28th, 2007 @ 10:36 PM

    • Milestone cleared.

    Josh, I hath the commit bits to DataObjects now. I'd be happy to apply your patch.

    Being ignorant about makefiles though, would you mind explaining the changes there first? It concerns me a bit... It also actually seems like maybe the inclusion of the makefile was an accident, sense doesn't the extconf.rb generate that?

    So actually, I think I know what to do. But if you could drop me a note and let me know I'll get this applied ASAP.

    Thanks for the contribution.

  • Sam Smoot

    Sam Smoot December 30th, 2007 @ 10:01 AM

    • State changed from “open” to “resolved”

    This is applied in DO's new svn on Rubyforge: revision 3.

    It'll be a part of the DO 0.2.3 release sometime "soon", or you can checkout and build the drivers yourself from svn checkout http://dorb.rubyforge.org/svn

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

People watching this ticket