Custom database script error and private encrypted values are exposed to user

daniel.francois · May 9, 2019, 9:26am

Hi, I tryied to search the documentation + community about that but didnt find something looking like what I want to achieve: I am testing a custom database connexion, and when attempting to log in, I had an error related to my database configuration.
I know that this error is a misconfiguration in my database, and I will fix it, but still, errors like that could happen, and the issue is that, IMO, this kind of error should not be sent back to the end user trying to sign up, also, I’m concerned because this error exposed private variables uncrypted to the user.

Is there a way to avoid this kind of error to be sent back to the end user ?

konrad.sopala · September 3, 2019, 7:55am

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?

daniel.francois · September 3, 2019, 8:22am

Hi Konrad.
I don’t need support for this issue, juste that I think that it could be some kind of general security issue to expose such information to the end user.

konrad.sopala · September 3, 2019, 8:24am

Thanks a lot for providing that feedback! Just relaying it to our security team!