diff options
author | bogdanvlviv <bogdanvlviv@gmail.com> | 2018-08-28 09:20:18 +0300 |
---|---|---|
committer | bogdanvlviv <bogdanvlviv@gmail.com> | 2018-08-29 12:40:30 +0300 |
commit | 9b455fe6f0e5d21e8c428da5bdba7d0f3162aef7 (patch) | |
tree | b5836118dfd7a5910fca16571e21be6d8467e1b0 /activerecord/lib/active_record/base.rb | |
parent | 068fe7dc9045856b822833db5cb7cb690e6000d7 (diff) | |
download | rails-9b455fe6f0e5d21e8c428da5bdba7d0f3162aef7.tar.gz rails-9b455fe6f0e5d21e8c428da5bdba7d0f3162aef7.tar.bz2 rails-9b455fe6f0e5d21e8c428da5bdba7d0f3162aef7.zip |
Prevent leaking of user's DB credentials on `rails db:create` failure
Issue #27852 reports that when `rails db:create` fails, it causes
leaking of user's DB credentials to $stderr.
We print a DB's configuration hash in order to help users more quickly
to figure out what could be wrong with his configuration.
This commit changes message from
"Couldn't create database for #{configuration.inspect}" to
"Couldn't create '#{configuration['database']}' database. Please check your configuration.".
There are two PRs that fixing it #27878, #27879, but they need a bit more work.
I decided help to finish this and added Author of those PRs credit in this commit.
Since it is a security issue, I think we should backport it to
`5-2-stable`, and `5-1-stable`.
Guided by https://edgeguides.rubyonrails.org/maintenance_policy.html#security-issues
Fixes #27852
Closes #27879
Related to #27878
[Alexander Marrs & bogdanvlviv]
Diffstat (limited to 'activerecord/lib/active_record/base.rb')
0 files changed, 0 insertions, 0 deletions