Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make error messages not leak potentially sensitive information when tracker db connection fails #18079

Closed
tsteur opened this issue Sep 29, 2021 · 0 comments · Fixed by #18085
Closed

Make error messages not leak potentially sensitive information when tracker db connection fails #18079

tsteur opened this issue Sep 29, 2021 · 0 comments · Fixed by #18085
Assignees
@peterhashair
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement.
Milestone
4.5.0

Comments

@tsteur
Copy link
Member

tsteur commented Sep 29, 2021

We implemented this in #17789 for the regular DB. However, we didn't implement this for the tracker DB around https://github.com/matomo-org/matomo/blob/4.4.1/core/Tracker/Db.php#L280-L281

We'd want to implement same logic what we did for #17789 for tracker DB too.

refs #7727 which has more background on why there are two different DBs
@tsteur tsteur added Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement. labels Sep 29, 2021
@tsteur tsteur added this to the 4.7.0 milestone Sep 29, 2021
@peterhashair peterhashair self-assigned this Sep 29, 2021
@peterhashair peterhashair linked a pull request Sep 30, 2021 that will close this issue
replace db error message #18085
Merged
11 tasks
@justinvelluppillai justinvelluppillai added the c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. label Oct 6, 2021
@justinvelluppillai justinvelluppillai modified the milestones: 4.7.0, 4.5.0 Oct 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@peterhashair peterhashair

Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement.
Projects
None yet
Milestone
4.5.0
Development

Successfully merging a pull request may close this issue.

replace db error message matomo-org/matomo
3 participants
@tsteur @justinvelluppillai @peterhashair