jsonapi reveals sensitive information about the database structure
Forum rules
Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
Laravel framework version: 9.50.2
Aimeos Laravel version: ~2022.10
PHP Version: 8.2.1
Environment: Linux
Hello,
When using the jsonapi, if there is an error, Aimeos reveals sensitive information about the database, like column names and queries. Is there any intended way to hide this kind of SQL output?
Re: jsonapi reveals sensitive information about the database structure
The database schema is well known and the revealed data is always only your own or can be retrieved by other endpoints. Thus, the revealed information isn't really sensitive.
Nevertheless, it's always good practice to reveal as little data as possible. We've added a change to 2022.10.x-dev that hides that kind of data and logs it to the DB instead. You can try it yourself by installing the -dev version:
composer req aimeos/ai-client-jsonapi:2022.10.x-dev
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, give us a star
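The approach described in the reply above (keep SQL detail out of the JSON:API response and record it server-side instead), as an added example that is not Aimeos code and not part of the original posts. The function name `safeJsonApiError`, the log callback (standing in for a database log) and the sample exception are assumptions for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not Aimeos code: map an exception to a JSON:API error
 * document that contains no SQL text; the detail goes to a server-side log.
 * $log is a hypothetical callback standing in for a database/log writer.
 */
function safeJsonApiError(Throwable $e, callable $log): array
{
    // Random reference that ties the client response to the log entry.
    $ref = bin2hex(random_bytes(8));

    // Message, location and trace are written to the log only.
    $log(sprintf(
        "[%s] %s: %s in %s:%d\n%s",
        $ref, get_class($e), $e->getMessage(),
        $e->getFile(), $e->getLine(), $e->getTraceAsString()
    ));

    // Assumption: only InvalidArgumentException carries a message written for
    // clients; every other exception type gets a fixed, generic title.
    $clientFault = $e instanceof InvalidArgumentException;
    $status = $clientFault ? 400 : 500;

    return [
        'status' => $status,
        'body' => ['errors' => [[
            'id' => $ref,
            'status' => (string) $status,
            'title' => $clientFault ? $e->getMessage() : 'Internal server error',
        ]]],
    ];
}

// Constructed sample: an error message in the style of a database driver.
$e = new RuntimeException(
    "SQLSTATE[42S22]: Column not found: 1054 Unknown column 'example_col' in 'where clause'"
);

$logged = [];
$res = safeJsonApiError($e, function (string $line) use (&$logged): void {
    $logged[] = $line; // in a real setup this would be persisted
});

// The response carries only the reference id and a generic title.
header('Content-Type: application/vnd.api+json', true, $res['status']);
echo json_encode($res['body'], JSON_PRETTY_PRINT), "\n";
```

The `id` member lets support staff find the matching log entry without the response ever containing the query or column names.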
Re: jsonapi reveals sensitive information about the database structure
Thank you, that seems to work!