Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9359

SQL error message also given if DEBUG-mode disabled

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Won't Fix
    • 3.0.x
    • 3.0.15-RC1
    • Other
    • None

    Description

      Don't know whether this is by design or not: the complete SQL error message including parts of the faulty SQL statement is given to all users even if DEBUG-mode is disabled. This might give an attacker some information about potential issues with faulty modifications.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. PHPBB3-9079 Display backtrace on all E_USER_ERROR errors, not only SQL errors (when DEBUG_EXTRA is enabled)

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. PHPBB3-10581 Malformed SQL is logged when user triggering it is shown the offending SQL

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              CHItA CHItA
              PhilippK PhilippK
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: