This repository has been archived by the owner on Apr 17, 2018. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 73
DataObjects logs database password on database error #18
Comments
ghost
assigned myabc
Dec 28, 2011
Yeah, we should not output this information in exceptions etc. so we should fix this behavior. |
definitely this info should stay away from log files ! |
This only half-fixes the issue. In @rsutphin's original report,
The first occurrence of This can be fixed by changing the relevant line to
(I know this is seriously old code, but logging passwords is a seriously big bug. ;) ) |
systemed
added a commit
to systemed/do
that referenced
this issue
Jan 29, 2018
Currently passwords are logged if they're part of `query` - see datamapper#18
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
When there's a database exception thrown DO includes the database password in the logs. Example:
I'm seeing this with DO 0.10.7 and do_postgres 0.10.7. I'm using DO within DataMapper 1.2.0. I mentioned this issue on the datamapper mailing list and it was suggested that it's a DO bug.
The text was updated successfully, but these errors were encountered: