Error message shows DB password
Discussion
Just a small heads up. When the DB fell over just now, the error message displayed in my browser showed your server's database username, IP, and password.
errormessage said:
Failed to open slave '10.2.25.21'
Error #80004005
[MySQL] [ODBC 3.51 Driver] Can't connect to MySQL server on '10.2.25.21' (10061)
(Source: Microsoft OLE DB Provider for ODBC Drivers)
(SQL State: S1000)
(NativeError: 2003)
Connection: Driver={MySQL ODBC 3.51 Driver};Server=10.2.25.21;Port=3306;Option=3;Stmt=;Database=forums;Uid=ZZZZZZZZZZZZZZ;Pwd=XXXXXXXXXXXXXXXXXXXXXXXXX
URL: www.pistonheads.com/xforums/topic.asp?h=0&f=23...
REMOTE ADDRESS: 95.172.230.185, 10.244.189.109:38100, 54.155.160.171
REMOTE HOST: 1.1.1.1
LOCAL ADDRESS: 10.2.20.15
REFERER:
Error #80004005
[MySQL] [ODBC 3.51 Driver] Can't connect to MySQL server on '10.2.25.21' (10061)
(Source: Microsoft OLE DB Provider for ODBC Drivers)
(SQL State: S1000)
(NativeError: 2003)
Connection: Driver={MySQL ODBC 3.51 Driver};Server=10.2.25.21;Port=3306;Option=3;Stmt=;Database=forums;Uid=ZZZZZZZZZZZZZZ;Pwd=XXXXXXXXXXXXXXXXXXXXXXXXX
URL: www.pistonheads.com/xforums/topic.asp?h=0&f=23...
REMOTE ADDRESS: 95.172.230.185, 10.244.189.109:38100, 54.155.160.171
REMOTE HOST: 1.1.1.1
LOCAL ADDRESS: 10.2.20.15
REFERER:
IainT said:
Looks to be on an internal IP so shouldn't be vulnerable to remote access unless the firewall's borked too!
There's no way the techies would re-use a password across multiple appliances is there?
All error messages should have the UID and PWD masked, so will investigate where that is showing. The current issue is just with the database, the firewall is secure and the username and password are specific to just that database and not shared.There's no way the techies would re-use a password across multiple appliances is there?
Though as a precaution we will change it as part of getting the database back up and running.
Gassing Station | Website Feedback | Top of Page | What's New | My Stuff