I have a simple website where I establish a connection to a MySQL server using PDO.
$dbh = new PDO('mysql:host=localhost;dbname=DB;port=3306',
'USER',
'SECRET',
array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
I had some traffic on my site and the server's connection limit was reached, and the website throws this error, with my plain password in it!
Fatal error: Uncaught exception
'PDOException' with message
'SQLSTATE[08004] [1040] Too many
connections' in
/home/domain/html/index.php:xxx
Stack trace: #0
/home/domain/html/index.php(64):
PDO->__construct('mysql:host=loca...',
'USER', 'SECRET', Array) #1
{main} thrown in
/home/domain/html/index.php on
line 64
Ironically I switched to PDO for security reasons, so this really shocked me, because this exact error is something you can provoke very easily on most sites using simple HTTP flooding.
I have now wrapped my connection in a try/catch block, but still I think this is catastrophic!
I am new to PDO and so my question is: what do I have to do to consider to be safe? How do I establish a connection in a secure way? Are there other known security holes like this one that I have to be aware of?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…