[PATCH] Connection Errors Display Sensitive Information
Reported by Josh Martin | November 17th, 2007 @ 09:18 PM
Throughout the DataObject system, when a connection fails, the entire connection string is displayed, including authentication information. This information should not be available or logged as a security measure.
When using some frameworks (such as merb) in development mode, this information is displayed on the web page.
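One way to keep credentials out of connection failures like those reported above, as an added example that is not part of the original ticket and not DataObjects' own code. The names `redact_connection_uri`, `ConnectionError`, `MASK` and `SENSITIVE_KEYS` are hypothetical, and the sample URIs are constructed.

```ruby
require "uri"

# Hypothetical names for illustration; not part of DataObjects.
MASK = "REDACTED"
SENSITIVE_KEYS = %w[password passwd pwd secret token].freeze
UNPARSEABLE = "[unparseable connection string]"

# Return a form of the connection URI that is safe for exception messages
# and logs: the userinfo password and sensitive query values are masked.
# Input that cannot be parsed is never echoed back (fail closed).
def redact_connection_uri(raw)
  uri = URI.parse(raw.to_s)
  return UNPARSEABLE unless uri.scheme

  out = "#{uri.scheme}://"
  if uri.user
    out << uri.user
    out << ":#{MASK}" if uri.password
    out << "@"
  end
  out << uri.host.to_s
  out << ":#{uri.port}" if uri.port
  out << uri.path.to_s
  if uri.query
    pairs = URI.decode_www_form(uri.query).map do |key, value|
      [key, SENSITIVE_KEYS.include?(key.downcase) ? MASK : value]
    end
    out << "?" << URI.encode_www_form(pairs)
  end
  out
rescue URI::InvalidURIError, ArgumentError
  UNPARSEABLE
end

# Error type that only ever carries the redacted URI. The driver's own
# message (cause_message) is passed through unchanged, so it must not
# contain the raw connection string either.
class ConnectionError < StandardError
  def initialize(raw_uri, cause_message)
    super("could not connect to #{redact_connection_uri(raw_uri)}: #{cause_message}")
  end
end
```
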
Comments and changes to this ticket
Sam Smoot December 5th, 2007 @ 01:49 PM
- → Assigned user changed from to Yehuda Katz
- → State changed from new to open
Josh, DataObjects is a separate project now with its own Trac. Not sure how wycats wants to handle this?
Sam Smoot December 28th, 2007 @ 10:36 PM
- → Milestone cleared.
Josh, I hath the commit bits to DataObjects now. I'd be happy to apply your patch.
Being ignorant about makefiles though, would you mind explaining the changes there first? It concerns me a bit... It also actually seems like maybe the inclusion of the makefile was an accident, since doesn't the extconf.rb generate that?
So actually, I think I know what to do. But if you could drop me a note and let me know I'll get this applied ASAP.
Thanks for the contribution.
Sam Smoot December 30th, 2007 @ 10:01 AM
- → State changed from open to resolved
This is applied in DO's new svn on Rubyforge: revision 3.
It'll be a part of the DO 0.2.3 release sometime "soon", or you can check out and build the drivers yourself from svn checkout http://dorb.rubyforge.org/svn
