
[PATCH] Connection Errors Display Sensitive Information
Reported by Josh Martin | November 17th, 2007 @ 09:18 PM
Throughout the DataObject system, when a connection fails the entire connection string is displayed including authentication information. This information should not be available or logged as a security measure.
When using some frameworks (such as merb) in development mode this information is displayed on the web page.
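The kind of fix the report asks for, as an added example (this is not the patch attached to the ticket and not DataObjects code): credentials are masked before a connection string reaches an error message, and the driver's original exception is detached so a framework error page cannot print it. It assumes URI-style connection strings; the helper names, the `SafeConnectionError` class and the sample strings are constructed for illustration.

```ruby
# Added example; helper names are hypothetical, not the DataObjects API.
MASK = "REDACTED"
SENSITIVE_KEYS = /\A(password|passwd|pwd|secret)\z/i

class SafeConnectionError < StandardError; end

# Return a copy of a URI-style connection string that is safe to display or log.
def redact_connection_string(conn)
  scheme, sep, rest = conn.to_s.partition("://")
  return MASK if sep.empty? # unknown format: show nothing rather than guess

  # Split on the LAST "@" so a password containing "@", "/" or "?" is still
  # covered. Unusual strings may be over-redacted, which is the safe failure.
  userinfo, at, target = rest.rpartition("@")
  unless at.empty?
    user, colon, _password = userinfo.partition(":")
    userinfo = colon.empty? ? user : "#{user}:#{MASK}"
  end

  # Mask credentials passed as query parameters as well.
  path, qmark, query = target.partition("?")
  query = query.split("&").map do |pair|
    key, _eq, _value = pair.partition("=")
    key.match?(SENSITIVE_KEYS) ? "#{key}=#{MASK}" : pair
  end.join("&")

  "#{scheme}://#{userinfo}#{at}#{path}#{qmark}#{query}"
end

# Run a driver's connect block. On failure, raise an error whose message never
# contains the raw connection string, even if the driver's own message did.
def with_safe_errors(conn)
  yield conn
rescue StandardError => e
  safe = redact_connection_string(conn)
  detail = e.message.gsub(conn.to_s, safe)
  # cause: nil drops the original exception, whose message may hold the secret
  # and which error pages in development mode often print.
  raise SafeConnectionError, "connection to #{safe} failed: #{detail}", cause: nil
end
```

Log the original exception class separately if it is needed for debugging; only its message and the connection string carry the credentials.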
Comments and changes to this ticket
-
Sam Smoot December 5th, 2007 @ 01:49 PM
- Assigned user set to Yehuda Katz
- State changed from new to open
Josh, DataObjects is a separate project now with its own Trac. Not sure how wycats wants to handle this?
-
Sam Smoot December 28th, 2007 @ 10:36 PM
- Milestone cleared.
Josh, I hath the commit bits to DataObjects now. I'd be happy to apply your patch.
Being ignorant about makefiles though, would you mind explaining the changes there first? It concerns me a bit... It also actually seems like maybe the inclusion of the makefile was an accident, since doesn't the extconf.rb generate that?
So actually, I think I know what to do. But if you could drop me a note and let me know I'll get this applied ASAP.
Thanks for the contribution.
-
Sam Smoot December 30th, 2007 @ 10:01 AM
- State changed from open to resolved
This is applied in DO's new svn on Rubyforge: revision 3.
It'll be a part of the DO 0.2.3 release sometime "soon", or you can checkout and build the drivers yourself from svn checkout http://dorb.rubyforge.org/svn