Error with MySQL database, password shown in stack trace


#1

I just wanted to report an issue that I ran into yesterday. I restarted my server and my mySQL service failed to start up. When I went to the dreamfactory website, the entire stacktrace what shown, including the password that dreamfactory uses to connect to the mySQL database.

Here’s the info for my installation:
Admin Application Version: 2.2.1 DreamFactory Version: 2.2.0 System Database: mysql Install Path: /opt/bitnami/apps/dreamfactory/htdocs/ Log Path: /opt/bitnami/apps/dreamfactory/htdocs/storage/logs/ Log Mode: single Log Level: WARNING Cache Driver: file Cache Path: /opt/bitnami/apps/dreamfactory/htdocs/storage/framework/cache/ Demo: false

Server info: Operating System: linux Release: 3.16.0-4-amd64 Version: #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08)

Steps to reproduce: stop mysqld service, navigate to website, see your password.

If port 3306 is locked down for ‘security reasons’, they should probably not display stack trace information with password information. Just sayin’


#2

@crystaltaggart57 going to test this.


#3

Same issue here with SQL Server if the connection fails.

Admin Application Version: 2.5.1 DreamFactory Version: 2.4.2 System Database: mysql Install Path: /opt/bitnami/apps/dreamfactory/htdocs/ Log Path: /opt/bitnami/apps/dreamfactory/htdocs/storage/logs/ Log Mode: single Log Level: DEBUG Cache Driver: file Cache Path: /opt/bitnami/apps/dreamfactory/htdocs/storage/framework/cache/ Demo: false