If my mongo database is down, my php application is printing out the plaintext password in the error. How can I prevent this?
Fatal error: Uncaught exception 'MongoCursorException' with message
'couldn't send command' in /ap/db.php:23 Stack trace:
#0 /ap/db.php(23): MongoDB->authenticate('username', 'actual_password')
#1 /ap/index.php(6): Worker->__construct() #2 {main} thrown in /ap/db.php
on line 23
I understand that I can disable php errors, but that is not what I want to do. I want to see an error, but I don’t want it to print the password.
In a production application, users should never see an error like “Uncaught exception” or other developer-oriented message. This exposes a lot of information to a potential attacker and confuses your legitimate users. Log the detailed technical message and display a friendly error page to the user.
To disable visible errors and log them instead, edit php.ini:
set error_log to a valid log path
set display_errors to Off.
The process to enable friendly errors depends on your web server, but the idea is the same: set a custom page to be displayed when a 500 error is encountered. In Apache, for example, you set ErrorDocument 500 /path/to/custom/500.html.
EDIT:
OP indicates that this is a development box — either way you should wrap your connection attempt in a try/catch block (which is something you should be doing anyway), and then you can display a ‘sanitized’ error message:
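An added example, not part of the original answer, of the try/catch approach. It assumes the legacy MongoClient driver and a reachable error_log path (both assumptions, not from the question); the redaction helper strips the password from anything that is logged, so the trace shown in the question never reaches the log or the user.

```php
<?php
// Added example (not from the original question or answer). Assumes the
// legacy MongoClient driver; the redaction step works for any exception.

// Replace every occurrence of a known secret in text before it is logged.
function redactSecrets(string $text, array $secrets): string
{
    foreach ($secrets as $secret) {
        if ($secret !== '') {
            $text = str_replace($secret, '***REDACTED***', $text);
        }
    }
    return $text;
}

function connectMongo(string $host, string $user, string $password, string $db): MongoDB
{
    try {
        // Credentials go in the options array rather than the URI, so the
        // URI itself is safe to log if a connection error ever quotes it.
        $client = new MongoClient("mongodb://$host", [
            'username' => $user,
            'password' => $password,
            'db'       => $db,
        ]);
        return $client->selectDB($db);
    } catch (Exception $e) {
        // Keep full detail for the developer, but redact first: the trace
        // arguments are exactly where the plaintext password leaked above.
        $detail = get_class($e) . ': ' . $e->getMessage()
                . "\n" . $e->getTraceAsString();
        error_log(redactSecrets($detail, [$password]));

        // The user gets a sanitized message with no internals at all.
        http_response_code(503);
        exit('The service is temporarily unavailable. Please try again later.');
    }
}
```

On PHP 7.4 and later, setting zend.exception_ignore_args=On in php.ini additionally stops argument values (such as the password) from being recorded in exception traces in the first place.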