duanboxue3422 2012-04-20 15:25

Mongo / PHP - Failed connection prints plaintext password

If my mongo database is down, my php application is printing out the plaintext password in the error. How can I prevent this?

Fatal error: Uncaught exception 'MongoCursorException' with message 
'couldn't send command' in /ap/db.php:23     Stack trace: 
#0 /ap/db.php(23): MongoDB->authenticate('username', 'actual_password') 
#1 /ap/index.php(6): Worker->__construct() #2 {main} thrown in /ap/db.php 
on line 23

I understand that I can disable php errors, but that is not what I want to do. I want to see an error, but I don't want it to print the password.


  • dousong9729 2012-04-20 15:43

    In a production application, users should never see an error like "Uncaught exception" or other developer-oriented message. This exposes a lot of information to a potential attacker and confuses your legitimate users. Log the detailed technical message and display a friendly error page to the user.

    To disable visible errors and log them instead, edit php.ini:

    • Set error_log to a valid log path
    • Set display_errors to Off.

    The process to enable friendly errors depends on your web server, but the idea is the same: Set a custom page to be displayed when a 500 error is encountered. In Apache, for example, you set ErrorDocument 500 /path/to/custom/500.html.

    EDIT :

    OP indicates that this is a development box — either way you should wrap your connection attempt in a try/catch block (which is something you should be doing anyway), and then you can display a 'sanitized' error message:

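    try {
      // $db is assumed to be a MongoDB instance from the legacy driver,
      // obtained elsewhere (e.g. via selectDB()).
      $db->authenticate('username', 'password');
    } catch (MongoCursorException $e) {
      // Only the code and message are printed; the stack trace, which
      // carries the call arguments, is never shown.
      die("Unable to authenticate to database [code: " . $e->getCode() . "]: "
        . $e->getMessage());
    }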
    
    This answer was selected by the asker as the best answer.
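
Added example (not part of the original answer and not code from the Mongo driver): a global handler that logs an uncaught exception's trace without call arguments and shows the client a generic message, so a failing call such as `authenticate('username', 'actual_password')` cannot echo its arguments. `render_safe_trace()` and `connect()` are hypothetical names, and `connect()` is a constructed stand-in for the failing database call; `zend.exception_ignore_args` needs PHP 7.4+ and `#[\SensitiveParameter]` needs PHP 8.2+.

```php
<?php
// Added example; render_safe_trace() and connect() are hypothetical names.

// PHP 7.4+: stop collecting arguments in exception traces (usually set in php.ini).
ini_set('zend.exception_ignore_args', '1');

// Build a trace from location and function name only; $frame['args'] is never read.
function render_safe_trace(Throwable $e): string
{
    $lines = [sprintf('%s: %s in %s:%d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine())];
    foreach ($e->getTrace() as $i => $frame) {
        $lines[] = sprintf('#%d %s(%s): %s%s%s()',
            $i,
            $frame['file'] ?? '[internal]',
            $frame['line'] ?? '?',
            $frame['class'] ?? '',
            $frame['type'] ?? '',
            $frame['function']);
    }
    return implode("\n", $lines);
}

// Uncaught exceptions: detail goes to the error log, the client gets a generic message.
set_exception_handler(function (Throwable $e): void {
    error_log(render_safe_trace($e));
    http_response_code(500);
    echo "The database is unavailable. Please try again later.\n";
});

// Constructed stand-in for the failing call in the question.
function connect(
    string $user,
    #[\SensitiveParameter] // PHP 8.2+: traces show a SensitiveParameterValue object instead
    string $password
): void {
    throw new RuntimeException("couldn't send command");
}

connect('username', 'actual_password');
```

The logged trace names `connect()` and its file and line but contains neither argument, which keeps the error visible on a development box without printing the password.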