Database Connection String
- CWE 200
A possible database connection string was discovered on this page. The connection string may include attributes such as the name of the driver, server and database, as well as security information such as user name and password. They are usually read from server-side configuration files or hard-coded into application source code.
Remediation
It is usually unnecessary for applications to disclose database connection strings to clients. Access to this file or disclosure of this connection string should be restricted.
References
Go Back to List
Search Vulnerability
You may also see
- Long Redirect Response
- Error Message
- Stack Trace
- Internal Path
- Not Secure Cookie
- Not Http-Only Cookie
- Sensitive Data in Query String
- Sensitive Data over HTTP
- Server Error
- Source Code Disclosure
- Information Leakage
- Web Backdoor
- Database Connection String
- Autocomplete Enabled
- Undefined Content-Type Header
- Missing X-Frame-Options Header
- Mixed Content
- Insecure iFrame
- XPath Injection
- Basic Authentication over HTTP
- Forbidden Resource
- Multiple Choices Enabled
- Apache MultiViews Enabled