New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No error recovery in install process for bad database credentials #47

Closed
co60ca opened this Issue Jun 29, 2016 · 3 comments

Comments

Projects
None yet
2 participants
@co60ca
Contributor

co60ca commented Jun 29, 2016

  • Check this box if this is a security vulnerability.

Summary

If you fail to use the correct username&password for your database you just get a blank screen at the end of the install process due to a 500 server error

Expected Outcome

Failure in UI shown, potentially bounce back to the database configuration screen

What Actually Happened

Blank screen shown due to 500 server error
Password shown in error.log logs, unsure if this is considered privileged?

[Tue Jun 28 01:43:52.244561 2016] [:error] [pid 15927] [client 192.168.2.146:39360] PHP Notice:  Undefined index: databases in /var/www/html/airship/src/Installer/Install.php on line 414, referer: http://appserv-ub03/
[Tue Jun 28 01:43:52.264859 2016] [:error] [pid 15927] [client 192.168.2.146:39360] PHP Fatal error:  Uncaught Airship\\Alerts\\Database\\DBException: Could not create a database connection. Please check your username and password. in /var/www/html/airship/src/Engine/Database.php:95\nStack trace:\n#0 /var/www/html/airship/src/Installer/Install.php(534): Airship\\Engine\\Database::factory('pgsql:host=loca...', 'postgres', 'secret...', Array)\n#1 /var/www/html/airship/src/Installer/Install.php(478): Airship\\Installer\\Install->finalDatabasePrimary()\n#2 /var/www/html/airship/src/Installer/Install.php(294): Airship\\Installer\\Install->finalDatabaseSetup()\n#3 /var/www/html/airship/src/Installer/Install.php(132): Airship\\Installer\\Install->finalize(Array)\n#4 /var/www/html/airship/src/Installer/launch.php(171): Airship\\Installer\\Install->currentStep()\n#5 /var/www/html/airship/src/public/index.php(26): include('/var/www/html/a...')\n#6 {main}\n  thrown in /var/www/html/airship/src/Engine/Database.php on line 95, referer: http://appserv-ub03/
@paragonie-scott

This comment has been minimized.

Show comment
Hide comment
@paragonie-scott

paragonie-scott Jun 29, 2016

Member

Ah, good catch. That should definitely be fixed.

Member

paragonie-scott commented Jun 29, 2016

Ah, good catch. That should definitely be fixed.

@paragonie-scott

This comment has been minimized.

Show comment
Hide comment
@paragonie-scott

paragonie-scott Jun 29, 2016

Member

9138893

That should fix it.

Member

paragonie-scott commented Jun 29, 2016

9138893

That should fix it.

This was referenced Jun 30, 2016

@paragonie-scott

This comment has been minimized.

Show comment
Hide comment
@paragonie-scott

paragonie-scott Jun 30, 2016

Member

This is fixed in master. It will land in 1.1.0 tomorrow.

Member

paragonie-scott commented Jun 30, 2016

This is fixed in master. It will land in 1.1.0 tomorrow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment