6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
11/9/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#5101] horde disclosure of DB connection string in error message
*
Your Email Address
*
Spam protection
Enter the letters below:
__.. ..__ .__ . (__ |\/|[__)[__) | .__)| || \[__)\__|
Comment
> Maybe this should be in enhancement... but... if Horde encounters a > fatal error, it sends a print_r() of the DB object to the browser. > It exposes the database connection information for all the world to > see, and that's a terrible thing to do. > > > > A fatal error has occurred > > DB Error: connect failed > > > > [line 90 of > /usr/local/projects/webmail/html-dev/horde/ingo/lib/Storage/sql.php] > > Details (also in Horde's logfile): > > > > object(DB_Error)#22 (8) { > > ["error_message_prefix"]=> > > ... > > ["dsn"]=> > > array(13) { > > ["phptype"]=> > > string(5) "mysql" > > ["dbsyntax"]=> > > string(5) "mysql" > > ["username"]=> > > string(5) "horde" > > ["password"]=> > > string(9) "L3tM3In!" > > ["protocol"]=> > > string(3) "tcp" > > ["hostspec"]=> > > string(24) "mysql.example.com" > > ["port"]=> > >
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers