jsonapi reveals sensitive information about the database structure



Post by kdim95 » 10 Feb 2023, 12:44

Laravel framework version: 9.50.2
Aimeos Laravel version: ~2022.10
PHP Version: 8.2.1
Environment: Linux

Hello,

When using the jsonapi, if there is an error, Aimeos reveals sensitive information about the database, like column names and queries. Is there any intended way to hide this kind of SQL output?

Attachment: sql_statement.png


Re: jsonapi reveals sensitive information about the database structure

Post by aimeos » 10 Feb 2023, 13:13

The database schema is well known and the revealed data is always only your own or can be retrieved by other endpoints. Thus, the revealed information isn't really sensitive.

Nevertheless, it's always good practice to reveal as little data as possible. We've added a change to 2022.10.x-dev that hides that kind of data and logs it to the DB instead. You can try it yourself by installing the -dev version:

    composer req aimeos/ai-client-jsonapi:2022.10.x-dev
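The pattern the reply describes (keep driver and SQL details out of the API response, log them server-side instead) can be shown with a small stand-alone PHP function. This is an added example, not the Aimeos change or Laravel's error handler; the logger callback signature and the exception text are assumptions constructed for the illustration.

```php
<?php
// Added example (not Aimeos' or Laravel's code): build a JSON:API error
// document that never carries exception/SQL details to the client. The full
// exception text (which may contain the failed query and column names) goes
// to a logger callback instead, correlated by a random error id.
declare(strict_types=1);

function jsonApiErrorDocument(\Throwable $e, bool $debug, callable $log): array
{
    // Random id so operators can find the logged detail without the client seeing it.
    $errorId = bin2hex(random_bytes(8));

    // Log the sensitive detail server-side.
    // Assumed logger signature: fn(string $level, string $message, array $context).
    $log('error', sprintf('[%s] %s', $errorId, $e->getMessage()), [
        'exception' => get_class($e),
        'file'      => $e->getFile(),
        'line'      => $e->getLine(),
        'trace'     => $e->getTraceAsString(),
    ]);

    // Generic JSON:API error object: no table, column or query text.
    $error = [
        'id'     => $errorId,
        'status' => '500',
        'title'  => 'Internal server error',
        'detail' => 'The request could not be processed. Quote the error id when contacting support.',
    ];

    // Only in an explicit debug mode (never in production) attach the raw message.
    if ($debug) {
        $error['meta'] = ['exception' => get_class($e), 'message' => $e->getMessage()];
    }

    return ['errors' => [$error]];
}

// Constructed sample: a PDO-style exception whose message embeds the failed query.
$sample = new \RuntimeException(
    "SQLSTATE[42S22]: Column not found: 1054 Unknown column 'foo' in 'field list' "
    . "(SQL: select foo from example_table)"
);

// Minimal in-memory logger standing in for Monolog/Laravel's Log facade.
$logged = [];
$logger = function (string $level, string $message, array $context) use (&$logged): void {
    $logged[] = [$level, $message, $context];
};

$doc = jsonApiErrorDocument($sample, false, $logger);
echo json_encode($doc, JSON_PRETTY_PRINT), PHP_EOL;

// The client payload contains no schema names; the logged entry still holds the SQL.
assert(!str_contains(json_encode($doc), 'example_table'));
assert(str_contains($logged[0][1], 'example_table'));
```

The important property is that the decision to include detail is driven by an explicit flag rather than by whatever the exception message happens to contain, so a production deployment with debug off cannot leak query text even when a new exception type appears.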


Re: jsonapi reveals sensitive information about the database structure

Post by kdim95 » 17 Feb 2023, 11:29

Thank you, that seems to work!
