db error messages

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

db error messages

a@kid

Is there any way to stop MediaWiki from displaying information about  
the database when there is a database error?

Currently, if a database error occurs, the name of the database as  
well as the database user name are displayed in the error message.  
This seems like a potential security risk. I don't know if i need to  
change something in mediawiki or with my host to hide this  
information in error messages.

thanks
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: db error messages

Ashar Voultoiz-2
a@kid wrote:
> Is there any way to stop MediaWiki from displaying information about  
> the database when there is a database error?
>
> Currently, if a database error occurs, the name of the database as  
> well as the database user name are displayed in the error message.  
> This seems like a potential security risk. I don't know if i need to  
> change something in mediawiki or with my host to hide this  
> information in error messages.

Hello,

SQL errors should be hidden by default with the parameter:

    $wgShowSQLErrors = false;

Unless you have explicitly set it to true in your LocalSettings.php, no
error message should be shown. If there is any, it most probably a bug
in the software.

cheers,

--
Ashar Voultoiz - WP++++
http://en.wikipedia.org/wiki/User:Hashar
http://www.livejournal.com/community/wikitech/
IM: [hidden email]  ICQ: 15325080

_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: db error messages

a@kid
In reply to this post by a@kid

I haven't set $wgShowSQLErrors in LocalSettings.php and yet i am  
still getting mysql error messages. Sometimes these include the name  
of the database and the db user, other times they include a Backtrace  
of the error.

I need to investigate further, but the error messages may be only  
coming from my own custom Special Pages.


_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: db error messages

Brion Vibber
a@kid wrote:
> I haven't set $wgShowSQLErrors in LocalSettings.php and yet i am  
> still getting mysql error messages. Sometimes these include the name  
> of the database and the db user, other times they include a Backtrace  
> of the error.

That's normal. The actual query is suppressed by default, the message is shown.

> I need to investigate further, but the error messages may be only  
> coming from my own custom Special Pages.

You might want to fix those then. ;)

-- brion vibber (brion @ pobox.com)


_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

signature.asc (257 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: db error messages

a@kid
In reply to this post by a@kid
Is there any reason to be concerned about having the db name and user  
shown the the public?
Is there any way to stop it from being shown in the error message?

thanks again




Date: 2006-05-16 22:30:40 GMT (1 day, 18 hours and 37 minutes ago)
 > I haven't set $wgShowSQLErrors in LocalSettings.php and yet i am
 > still getting mysql error messages. Sometimes these include the name
 > of the database and the db user, other times they include a Backtrace
 > of the error.

That's normal. The actual query is suppressed by default, the message  
is shown.

 > I need to investigate further, but the error messages may be only
 > coming from my own custom Special Pages.

You might want to fix those then. ;)

-- brion vibber (brion  <at>  pobox.com)
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l