Database connection parameters including password shown if dbtype wrong/unsupported
-----------------------------------------------------------------------------------
Key: GEOS-3044
URL: http://jira.codehaus.org/browse/GEOS-3044
Project: GeoServer
Issue Type: Bug
Components: WFS
Reporter: Ben Caradoc-Davies
Assignee: Andrea Aime
If no SPI data access factory can be found, the connection parameters, including password, are included in the WFS ows:ExceptionReport. This gives an end user access to confidential information.
{code}
<?xml version="1.0" encoding="UTF-8"?>
<ows:ExceptionReport version="1.0.0"
xsi:schemaLocation="http://www.opengis.net/ows http://localhost:8080/geoserver/schemas/ows/1.0.0/owsExceptionReport.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ows="http://www.opengis.net/ows">
<ows:Exception exceptionCode="NoApplicableCode">
<ows:ExceptionText>Error occurred getting features
Cannot find a DataAccess for parameters {user=test,
passwd=s3cr3t, host=name.changed.to.protect.the.innocent, port=1521,
database=test, dbtype=Ooracle}</ows:ExceptionText>
</ows:Exception>
</ows:ExceptionReport>
{code}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira