Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Database Connection Configuration Information Disclosure (Web)

Medium

Synopsis

The remote web application server may be prone to a policy violation.

Description

PVS has just noted a web transaction that included database connection information. This includes database name, user ID, password and more.

Solution

Ensure that such information is not stored or sent in plaintext. Note: PVS only reports on the first occurence of this item on a web server. Parse your entire web source for similar occurrences.