Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By rneal@drupal.org on
For some reason my server is out of database connections. We're looking into that.
The issue is the Drupal error page that users see. It gives the name of the settings file and says that the user ID and password are stored there. It shows the user name and server name used from the settings file.
So now, a casual user, hacker, cracker, or anyone stopping by my site has two of the three pieces of info they would need to get in to my database server. Maybe it's just me, but this doesn't seem prudent.
Anyway, is there any way I can turn off or alter this database connection error page?
Comments
I posted this some time ago
As a bug, and was basically told too bad, get lost, by the security team. I don't know whether it's been addressed in the most recent releases, but I doubt it. I still don't think it's a good idea to have that sort of information displayed publicly.
Administer >> settings >> error handling
Under Error reporting, you have two choices:
Choose the second one and only users who can access the log can see all those error details.
That doesn't work
This isn't the log we're talking about. If your database crashes or is unavailable, your site is also completely unavailable. The public then sees a Drupal splash page which reveals the information mentioned above. See http://drupal.org/node/62098 for previous discussion on this.
Worked for a similar situation
Thanks for the link. Good to know what has been discussed before. I mentioned the solution above because I had a similar situation when I was setting up a PayPal sandbox account on a Civicrm/Drupal 4.7.3 installation. Error messages showing web server username and paths to files on a shared hosting account were visible when I tested the registration/payment flow of the site as an anonymous user. I was advised to do the above solution and the error messages ceased to appear on the screen.