Homec4science

[SECURITY] Prevented PhabricatorSetupIssueView from exposing sensitive config…

Authored by James Rhodes <jrhodes@redpointsoftware.com.au> on Apr 6 2013, 09:27.

Description

[SECURITY] Prevented PhabricatorSetupIssueView from exposing sensitive config options.

Summary:
Currently PhabricatorSetupIssueView will show the current values of
configuration options regardless of whether or not they are defined
as hidden options. This means that if the MySQL server stops, Phabricator
will present the MySQL connection credentials to anyone who can access
the Phabricator page.

Test Plan:
Stop the MySQL server for a Phabricator instance. It should display 'hidden'
instead of the MySQL password.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5596

Details

Committed
epriestley <git@epriestley.com>Apr 6 2013, 09:39
Pushed
aubortJan 31 2017, 17:16
Parents
rPHbbfc8a093715: Fix typo in comment
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH3b1a1ae7e309: [SECURITY] Prevented PhabricatorSetupIssueView from exposing sensitive config… (authored by James Rhodes <jrhodes@redpointsoftware.com.au>).Apr 6 2013, 09:39