MySQL backend exposes sql username and password on connection errors

[mc@…]

We recently had a hiccup with our mysql service in which python lost the connection. When this happened, the MySQL backend raised an exception showing the trace of calls that caused the exception. In this trace, the username and password for the sql database were exposed in plain text. i.e.

global MySQLConnection = <class 'trac.db.mysql_backend.MySQLConnection'>, path = u'/trac', user = u'trac', password = u'********', host = u'db.trac.sharpe-shell.org', port = None, params = {}

The error message received follows:

OperationalError: (2013, 'Lost connection to MySQL server during query')

This is a serious security issue. It seems as though some exception handling needs to be added in the SQL backend.

[Christian Boos]

What was the exact backtrace?

Were you using mod_python with the PythonDebug directive set to On, by any chance? If so, consider turning it off, see the ​mod_python docs.

Anyway, here's a possible solution for concealing database passwords, in general, attachment:conceal_passwd-r5130.diff​. Please review.

[Christian Boos]

Conceal the password string so that dumping it in backtraces will not show its sensitive content.

[Matthew Good]

Replying to cboos:

Anyway, here's a possible solution for concealing database passwords, in general, attachment:conceal_passwd-r5130.diff​. Please review.

First of all in the TracError you've left the "%s" in the string despite removing the parameter.

Secondly I think it'd be sufficient to simply return '' since revealing the length of the password also provides some information towards cracking it.

[Christian Boos]

Thanks for the feedback. Corrected patch committed as r5136 (trunk) and r5137 (0.10-stable).