aboutsummaryrefslogtreecommitdiffstats
path: root/RAILS_VERSION
diff options
context:
space:
mode:
authorbogdanvlviv <bogdanvlviv@gmail.com>2018-08-28 09:20:18 +0300
committerbogdanvlviv <bogdanvlviv@gmail.com>2018-08-29 12:40:30 +0300
commit9b455fe6f0e5d21e8c428da5bdba7d0f3162aef7 (patch)
treeb5836118dfd7a5910fca16571e21be6d8467e1b0 /RAILS_VERSION
parent068fe7dc9045856b822833db5cb7cb690e6000d7 (diff)
downloadrails-9b455fe6f0e5d21e8c428da5bdba7d0f3162aef7.tar.gz
rails-9b455fe6f0e5d21e8c428da5bdba7d0f3162aef7.tar.bz2
rails-9b455fe6f0e5d21e8c428da5bdba7d0f3162aef7.zip
Prevent leaking of user's DB credentials on `rails db:create` failure
Issue #27852 reports that when `rails db:create` fails, it causes leaking of user's DB credentials to $stderr. We print a DB's configuration hash in order to help users more quickly to figure out what could be wrong with his configuration. This commit changes message from "Couldn't create database for #{configuration.inspect}" to "Couldn't create '#{configuration['database']}' database. Please check your configuration.". There are two PRs that fixing it #27878, #27879, but they need a bit more work. I decided help to finish this and added Author of those PRs credit in this commit. Since it is a security issue, I think we should backport it to `5-2-stable`, and `5-1-stable`. Guided by https://edgeguides.rubyonrails.org/maintenance_policy.html#security-issues Fixes #27852 Closes #27879 Related to #27878 [Alexander Marrs & bogdanvlviv]
Diffstat (limited to 'RAILS_VERSION')
0 files changed, 0 insertions, 0 deletions