Changes between Initial Version and Version 2 of Ticket #35930


Ignore:
Timestamp:
Nov 23, 2024, 12:33:25 AM (4 weeks ago)
Author:
bytej4ck
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #35930

    • Property Component UncategorizedError reporting
    • Property Type UncategorizedBug
    • Property Summary Database password visible on debug page (view source only)Database password visible on debug page
    • Property Version 4.1
  • Ticket #35930 – Description

    initial v2  
    1 In debug page view, secrets are not visible due to masked with '*' but in view page source db password is visible:
    2 [[Image(https://github.com/user-attachments/assets/a7504c2e-99b4-4268-8eab-1858742105ec)]]
     1In debug page view, secrets are not visible due to masked with '*'. When there is mysql db connection error due to unreachable db server: self.connection = self.get_new_connection(conn_params) exposes db password under `Local vars` dropdown.
    32
    4 Password length: 99
    5 Characters: All password requirements including all symbols.
     3
     4{{{
     5    conn_params {'charset': 'utf8mb4',
     6           'client_flag': 2,
     7           'conv': {0: <class 'decimal.Decimal'>,
     8          1: <class 'int'>,
     9          2: <class 'int'>,
     10          3: <class 'int'>,
     11          4: <class 'float'>,
     12          5: <class 'float'>,
     13          7: <function DateTime_or_None at 0x7f6218e5b490>,
     14          8: <class 'int'>,
     15          9: <class 'int'>,
     16          10: <function Date_or_None at 0x7f6218e5b640>,
     17          11: <function typecast_time at 0x7f6219d803a0>,
     18          12: <function DateTime_or_None at 0x7f6218e5b490>,
     19          13: <class 'int'>,
     20          15: <class 'bytes'>,
     21          245: <class 'bytes'>,
     22          246: <class 'decimal.Decimal'>,
     23          249: <class 'bytes'>,
     24          250: <class 'bytes'>,
     25          251: <class 'bytes'>,
     26          252: <class 'bytes'>,
     27          253: <class 'bytes'>,
     28          254: <class 'bytes'>,
     29          <class 'array.array'>: <function array2Str at 0x7f6218e84160>,
     30          <class 'decimal.Decimal'>: <function Decimal2Literal at 0x7f6218e840d0>,
     31          <class 'datetime.date'>: <function Thing2Literal at 0x7f6218e84040>,
     32          <class 'datetime.datetime'>: <function DateTime2literal at 0x7f6218e5b6d0>,
     33          <class 'datetime.timedelta'>: <function DateTimeDelta2literal at 0x7f6218e5b760>,
     34          <class 'set'>: <function Set2Str at 0x7f6218e5bd90>,
     35          <class 'NoneType'>: <function None2NULL at 0x7f6218e5bf40>,
     36          <class 'int'>: <function Thing2Str at 0x7f6218e5be20>,
     37          <class 'float'>: <function Float2Str at 0x7f6218e5beb0>,
     38          <class 'bool'>: <function Bool2Str at 0x7f6218e5bc70>},
     39 'database': 'test-db',
     40 'password': 'test_password',
     41 'unix_socket': '/example/test-db',
     42 'user': 'example_user'}
     43}}}
     44
     45
     46Would be better if all db credentials in debug mode should be masked also with '*'.
Back to Top