Database structure outdated, weak error handling #12

New Issue

Open

opened 2024-03-03 08:53:34 +01:00 by pfm · 3 comments

pfm commented

2024-03-03 08:53:34 +01:00

Owner

Upon unsuccessful key upload I've got:

Encountered database error: SQLSTATE[HY000]: General error: 1364 Field 'status' doesn't have a default value. If this is unexpected, consider reporting it to our web team. Otherwise, click here to return to the home page.

with:

"reporting it to our team" linking to Support Mailbox,
"click here to return to the home page" linking to https://keys.lacre.io.

Most important thing here, is that we expose SQL error as-is and the user could try abusing it.

Upon unsuccessful key upload I've got: > Encountered database error: SQLSTATE[HY000]: General error: 1364 Field 'status' doesn't have a default value. If this is unexpected, consider reporting it to our web team. Otherwise, click here to return to the home page. with: * "reporting it to our team" linking to Support Mailbox, * "click here to return to the home page" linking to https://keys.lacre.io. Most important thing here, is that we **expose SQL error as-is** and the user could try abusing it.

muppeth commented

2024-03-03 08:55:58 +01:00

Owner

Yes I saw that issue. I thought for now exposing errors is ok as we are in early stages and perhaps its good to see 'em. So we need to add default value in db schema right?

pfm commented

2024-03-03 08:57:51 +01:00

Author

Owner

Yes, I've added it on lacre.io and next I'll add it to lacre.dbschema in the backend.

I would rather log these kinds of issues somewhere and just tell the user something went wrong.

Yes, I've added it on `lacre.io` and next I'll add it to `lacre.dbschema` in the backend. I would rather log these kinds of issues somewhere and just tell the user something went wrong.