duanboxue3422 2012-04-20 15:25

Mongo / PHP - Plaintext password printed on connection failure

If my mongo database is down, my php application is printing out the plaintext password in the error. How can I prevent this?

Fatal error: Uncaught exception 'MongoCursorException' with message 
'couldn't send command' in /ap/db.php:23     Stack trace: 
#0 /ap/db.php(23): MongoDB->authenticate('username', 'actual_password') 
#1 /ap/index.php(6): Worker->__construct() #2 {main} thrown in /ap/db.php 
on line 23

I understand that I can disable php errors, but that is not what I want to do. I want to see an error, but I don't want it to print the password.

1 answer

  • dousong9729 2012-04-20 15:43

    In a production application, users should never see an error like "Uncaught exception" or other developer-oriented message. This exposes a lot of information to a potential attacker and confuses your legitimate users. Log the detailed technical message and display a friendly error page to the user.

    To disable visible errors and log them instead, edit php.ini:

    • Set error_log to a valid log path
    • Set display_errors to Off.

    The process to enable friendly errors depends on your web server, but the idea is the same: Set a custom page to be displayed when a 500 error is encountered. In Apache, for example, you set ErrorDocument 500 /path/to/custom/500.html.

    EDIT :

    OP indicates that this is a development box — either way you should wrap your connection attempt in a try/catch block (which is something you should be doing anyway), and then you can display a 'sanitized' error message:

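    // $db is assumed to be a MongoDB instance from the legacy driver,
    // e.g. obtained with $mongo->selectDB('dbname').
    try {
      $db->authenticate('username', 'password');
    } catch (MongoCursorException $e) {
      // Print only the code and message; the stack trace, which holds the
      // authenticate() arguments, is never rendered.
      die("Unable to authenticate to database [code: " . $e->getCode() . "]: "
        . $e->getMessage());
    }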
    
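
A way to catch the same leak for every uncaught exception, as an added example that is not part of the original answer: a global handler that logs the trace with call names and locations only, never the argument values. It assumes PHP 7 or later (for `Throwable`); `fake_authenticate()` and the credentials are constructed stand-ins for the MongoDB call on the page.

```php
<?php
// Build a stack trace that lists file, line and function, but never the
// 'args' element of each frame (that is where the password appears).
function format_trace_without_args(Throwable $e): string
{
    $lines = [];
    foreach ($e->getTrace() as $i => $frame) {
        $call  = ($frame['class'] ?? '') . ($frame['type'] ?? '') . $frame['function'];
        $where = isset($frame['file'])
            ? $frame['file'] . '(' . $frame['line'] . ')'
            : '[internal function]';
        $lines[] = "#$i $where: $call()";
    }
    $lines[] = '#' . count($lines) . ' {main}';
    return implode("\n", $lines);
}

// One-line summary plus the argument-free trace.
function describe_exception(Throwable $e): string
{
    return sprintf(
        "%s: %s in %s:%d\n%s",
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine(),
        format_trace_without_args($e)
    );
}

// Replace PHP's default "Uncaught exception" output for the whole application.
set_exception_handler(function (Throwable $e): void {
    error_log(describe_exception($e));   // full detail goes to the log only
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo "Internal error. The details have been logged.\n";
});

// Constructed stand-in for the failing authenticate() call in db.php.
function fake_authenticate(string $user, string $password): void
{
    throw new RuntimeException("couldn't send command");
}

// The logged trace shows "fake_authenticate()" with no credentials in it.
fake_authenticate('username', 'actual_password');
```

On PHP 7.4 and later, the `zend.exception_ignore_args` ini setting additionally keeps arguments out of exception traces at the source.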
