[1.5.1] Error message reveals database password when MySQL daemon is not running


#1

When the MySQL daemon is not running and I try to access the web interface of my local Piwik installation, it shows an error message that shows details about the database used by Piwik, including username and password.

If necessary I will PM the anonymized error message to someone responsible. I showed it to a friend and he advised me not to post it publicly

He also said that the problem might not be directly with Piwik, but with PDO (he said it was PDO that put out the error message), and he was wondering if there was another way to “pass in that password, maybe a global variable”. Or, a “traditional SQL library”.

PHP on my server is at version 5.3.6, if that helps. I’m no expert, but I thought I would let you know. If this is not a problem with Piwik, please tell me how I can avoid the error message, as this is a problem for me. Thanks.


(vipsoft) #2

set display_errors=Off

This is a compat-buster in php 5.3.x. In 5.2, if it can’t connect, it throws an exception. In 5.3, it triggers an error.


(vipsoft) #3

See http://dev.piwik.org/trac/changeset/5085