Hi, today I had a problem that left me concerned.
I use MySQL access in my App through an .php file that handles SQL requests.
My Kodular app sends a Key + SQL command + the URL for the .php page.
When there is an error the following arrangement hides the sensitive information:
But today I happened to be using the App at a moment when the MySQL provider had not only the MySQL server down but also the Apache server where my .php file is hosted.
Even my web page hosted by this provider was momentarily down.
Then my App displayed an error message but this time, somehow, it was not handled by the construct above and the entire string including my sensitive data was displayed.
The message shown did not have the OK the Notifier above shows along with the error message.
Before I had time to react and do something like recording the screen to include in this post, the hosting service recovered and was up again.
During this outage I tried to access my app some 3 times and had the full error text on my screen, including my key and the whole URL.
I am kind of very concerned because, with my Key and full URL in someone's possession, the whole SQL data is dangerously exposed to vandalism.
Hi, I was able to reproduce the problem by changing to an invalid URL.
Please, see the problem below (sensitive data removed).
Is there anything I can do to try to circumvent this vulnerability?
Thanks
Paulo