[SECURITY] Prevented PhabricatorSetupIssueView from exposing sensitive config…
3b1a1ae7e309
Actions

Authored by James Rhodes <jrhodes@redpointsoftware.com.au> on Apr 6 2013, 09:27.

Description

[SECURITY] Prevented PhabricatorSetupIssueView from exposing sensitive config options.

Summary:
Currently PhabricatorSetupIssueView will show the current values of
configuration options regardless of whether or not they are defined
as hidden options. This means that if the MySQL server stops, Phabricator
will present the MySQL connection credentials to anyone who can access
the Phabricator page.

Test Plan:
Stop the MySQL server for a Phabricator instance. It should display 'hidden'
instead of the MySQL password.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5596

Details

Committed

epriestley <git@epriestley.com>

Apr 6 2013, 09:39

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPHbbfc8a093715: Fix typo in comment

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH3b1a1ae7e309: [SECURITY] Prevented PhabricatorSetupIssueView from exposing sensitive config… (authored by James Rhodes <jrhodes@redpointsoftware.com.au>).Apr 6 2013, 09:39

Changes (2)

				Path
	M			src/applications/config/response/PhabricatorConfigResponse.php
	M			src/applications/config/view/PhabricatorSetupIssueView.php

[SECURITY] Prevented PhabricatorSetupIssueView from exposing sensitive config…3b1a1ae7e309Actions

Description

Details

Event Timeline

Changes (2)

rPH3b1a1ae7e309

src/applications/config/response/PhabricatorConfigResponse.php

src/applications/config/view/PhabricatorSetupIssueView.php

[SECURITY] Prevented PhabricatorSetupIssueView from exposing sensitive config…
3b1a1ae7e309
Actions