Sad to hear that, Miles.

I hope the Cake devs are not blaming it on the developer's fault again.
Otherwise, Cake devs, make it a safer way for new developers learning
CakePHP, who always make many mistakes in the progress of learning.

Thanks

http://yoodey.com

On Wed, Jun 22, 2011 at 12:22 AM, Miles J <mileswjohn...@gmail.com> wrote:

> I have brought this problem up before. Last time, the Cake devs said
> it was the developer's fault and it will stay in.
>
> -_-
>
> On Jun 21, 8:23 am, looklook look <bashl...@gmail.com> wrote:
> > Now you got my point ;)
> >
> > I have tried a Google query to show database connection on Drupal,
> > CodeIgniter, WordPress and many others.
> > But yes, they can handle this database error carefully.
> >
> > So, I think this is a critical issue that should be fixed immediately.
> >
> > Thanks
> >
> > Yodi
> > http://yoodey.com
> >
> > On Tue, Jun 21, 2011 at 9:36 PM, Thomas Ploch <profipl...@googlemail.com> wrote:
> >
> > > OMG,
> >
> > > I certainly could connect to __several__ mysql servers found with this
> > > google query.
> >
> > > Although I agree that this is a developer's mistake, I am sure that
> > > there are a lot of unskilled developers that are doing this because they
> > > just don't know it better. So removing those values from the output would
> > > be a +1 from me.
> >
> > > Regards,
> > > Thomas
> >
> > > On Tuesday, 21.06.2011, 06:02 -0700, chris wrote:
> > > > I'm intrigued by this issue.
> >
> > > > Can someone explain what situations would the whole config var be
> > > > output? Is it only when an error occurs, and only when at a certain
> > > > debug level? I've never seen it displayed at all whilst developing
> > > > with cakePHP.
> >
> > > > Out of interest I googled the first part of the output, i.e.
> >
> > > > $config = array( "persistent" => false,
> >
> > > > and it certainly surprised me how many sites this brings back with
> > > > passwords on show.
> >
> > > > On Jun 21, 12:46 pm, yodi <bashl...@gmail.com> wrote:
> > > > > Sorry, it was on a random site built with CakePHP.
> >
> > > > > To Euromark, I found more than 100 websites affected by this problem
> > > > > and I don't have much time to email them all.
> >
> > > > > I think, whether it is debug > 0, CakePHP shouldn't throw the real
> > > > > password into CONTEXT.
> >
> > > > > I tried searching other CMSs and frameworks. Using the same method, I
> > > > > found none of them show the real password where a database connection
> > > > > error occurred.
> >
> > > > > Yes, this is a security issue for me. There are many developers
> > > > > using CakePHP.
> >
> > > > > To Larry, I can send you some messages to show how much is affected.
> > > > > It can be a consideration.
> >
> > > > > Thanks
> >
> > > > > On Tue, 2011-06-21 at 06:13 -0500, Larry E. Masters wrote:
> > > > > > Are you saying this was on the CakePHP website or a random site you
> > > > > > were visiting?
> >
> > > > > > --
> > > > > > Larry E. Masters
> >
> > > > > > On Mon, Jun 20, 2011 at 2:18 PM, yoodey <bashl...@gmail.com> wrote:
> > > > > >         Hello all,
> >
> > > > > >         I was randomly browsing and got a website with a database
> > > > > >         connection error.
> > > > > >         It gave me this error page: Warning (2): mysql_connect()
> > > > > >         [function.mysql-connect]: Access denied for user ...
> >
> > > > > >         So I clicked on the Context option and got this information.
> >
> > > > > >         $config =       array(
> > > > > >                "persistent" => false,
> > > > > >                "host" => "xxxxxxxxxxxxxxxxxxx",
> > > > > >                "login" => "dbxxxxx",
> > > > > >                "password" => "dbtxxx",
> > > > > >                "database" => "dbxxxxx",
> > > > > >                "port" => "3306",
> > > > > >                "driver" => "mysql",
> > > > > >                "prefix" => "",
> > > > > >                "encoding" => "UTF8"
> > > > > >         )
> >
> > > > > >         To avoid other people doing bad things, I'm not showing the
> > > > > >         real error information.
> >
> > > > > >         I ran a mysql command based on that information and guess
> > > > > >         what? I got full access!
> > > > > >         Curious about this error, I did a little research and found
> > > > > >         more than 1000 websites' mysql root access. (There are many
> > > > > >         others, but I'm too tired to check them one by one.)
> >
> > > > > >         This is a very dangerous thing, and I'm a big fan of CakePHP.
> > > > > >         I work on a 50K/day visitors website powered by CakePHP and I
> > > > > >         don't want this thing to happen to me.
> >
> > > > > >         So, please tell me which people at cakephp.org should be
> > > > > >         contacted about this issue. Opening a ticket will leak real
> > > > > >         information for the victim website.
> >
> > > > > >         Thanks
> >
> > > > > >         Yoodey
> >
> > > > > >         --
> > > > > >         Our newest site for the community: CakePHP Video Tutorials
> > > > > >         http://tv.cakephp.org
> > > > > >         Check out the new CakePHP Questions site
> > > > > >         http://ask.cakephp.org and help others with their CakePHP
> > > > > >         related questions.
> >
> > > > > >         To unsubscribe from this group, send email to
> > > > > >         cake-php+unsubscr...@googlegroups.com For more options,
> > > > > >         visit this group at http://groups.google.com/group/cake-php
>
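
The change asked for in the quoted thread, keeping the real connection values out of the error Context, can be sketched as below. This is an added example, not CakePHP's own code or anything posted to the list; `redactContext`, `renderContext`, the `SECRET_KEYS` list and the sample values are assumptions made for illustration.

```php
<?php
// Added example (not CakePHP source): mask secrets before an error "Context" dump is shown.

// Assumption: keys considered secret; extend to match your own configuration.
const SECRET_KEYS = ['password', 'login', 'host', 'database'];

// Recursively replace the values of secret keys, leaving everything else intact.
function redactContext(array $context, array $secretKeys = SECRET_KEYS): array
{
    $clean = [];
    foreach ($context as $key => $value) {
        if (is_string($key) && in_array(strtolower($key), $secretKeys, true)) {
            $clean[$key] = '*****';
        } elseif (is_array($value)) {
            $clean[$key] = redactContext($value, $secretKeys);
        } else {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

// Hypothetical renderer: empty at debug 0, a redacted and HTML-escaped dump otherwise.
function renderContext(array $context, int $debugLevel): string
{
    if ($debugLevel <= 0) {
        return '';
    }
    $dump = var_export(redactContext($context), true);
    return '<pre>' . htmlspecialchars($dump, ENT_QUOTES, 'UTF-8') . '</pre>';
}

// Constructed sample shaped like the $config array quoted in the thread.
$context = [
    'config' => [
        'persistent' => false,
        'host' => 'db.example.internal',
        'login' => 'app_user',
        'password' => 'constructed-secret',
        'database' => 'app_db',
        'port' => '3306',
        'driver' => 'mysql',
    ],
];

echo renderContext($context, 2), PHP_EOL;                   // debug on: masked dump
echo var_export(renderContext($context, 0), true), PHP_EOL; // debug off: no dump
```

Masking is a second line of defence; the exposure described in the thread only occurs when a public site runs with debug above 0.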
