Changes between Initial Version and Version 1 of Ticket #5024
- Timestamp:
- Mar 25, 2007, 7:20:31 PM (17 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #5024
- Property Owner changed from to
- Property Priority normal → high
- Property Milestone → 0.10.4
-
Ticket #5024 – Description
initial v1 1 1 We recently had a hiccup with our mysql service in which python lost the connection. When this happened, the MySQL backend raised an exception showing the trace of calls that caused the exception. In this trace, the username and password for the sql database were exposed in plain text. 2 2 i.e. 3 {{{ 3 4 global MySQLConnection = <class 'trac.db.mysql_backend.MySQLConnection'>, path = u'/trac', user = u'trac', password = u'********', host = u'db.trac.sharpe-shell.org', port = None, params = {} 5 }}} 4 6 5 7 The error message received follows: 8 {{{ 6 9 OperationalError: (2013, 'Lost connection to MySQL server during query') 10 }}} 7 11 8 12 This is a serious security issue. It seems as though some exception handling needs to be added in the SQL backend.