id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 35930 Database password visible on debug page in local variable bytej4ck Ahmed Nassar "In debug page view, secrets are not visible due to masked with '*'. When there is mysql db connection error due to unreachable db server: self.connection = self.get_new_connection(conn_params) exposes db password under `Local vars` dropdown. {{{ conn_params {'charset': 'utf8mb4', 'client_flag': 2, 'conv': {0: , 1: , 2: , 3: , 4: , 5: , 7: , 8: , 9: , 10: , 11: , 12: , 13: , 15: , 245: , 246: , 249: , 250: , 251: , 252: , 253: , 254: , : , : , : , : , : , : , : , : , : , : }, 'database': 'test-db', 'password': 'test_password', 'unix_socket': '/example/test-db', 'user': 'example_user'} }}} Would be better if all db credentials in debug mode should be masked also with '*'." Cleanup/optimization assigned Error reporting dev Normal db, password, exposed bytej4ck Accepted 1 0 1 1 0 0