[wp-trac] [WordPress Trac] #23140: WordPress giving too much info to end users on DB error
WordPress Trac
noreply at wordpress.org
Tue Jan 8 13:30:18 UTC 2013
#23140: WordPress giving too much info to end users on DB error
--------------------------+------------------------------
Reporter: AKTed | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Database | Version: 3.5
Severity: normal | Resolution:
Keywords: close |
--------------------------+------------------------------
Changes (by dd32):
* keywords: => close
Comment:
There is a slight difference in how the dead db message is handled on the
front-end and back-end:
For example, this is what a user on a production server will see when
`http://example.com/wp-admin/` is accessed:
http://cl.ly/image/342a2C3a3c2L or http://cl.ly/image/1E3B0i1Y1b19
depending on the actual connection issue.
On the other hand, visitors to `http://example.com/` and
`http://example.com/some-post-name/` will get a much more bland page like
this: http://cl.ly/image/2j371N2R0v1p
The first message exposes the database name OR database server name
(usually localhost). Neither of these pieces of information should be
critical to security, but they're invaluable to users who don't understand
why their site isn't working.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23140#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software