php mysqli_connect error exposes information in error_log file, how to prevent that?

Question

In the main directory of the website in the index.php file, On the line 11 I have this line:

require_once('../db.php');

The db.php file contains the information for connecting to MySQL server and database which is under the root directory one level above the public_html directory.

I have disabled php error report so that the user won't see the errors and by doing that it stores the errors in a file called error_log.

Sometimes I see this error in that file for an unknown reason:

[24-May-2022 00:18:28 UTC] PHP Fatal error:  Uncaught mysqli_sql_exception: No such file or directory in /home/username123/db.php:17
Stack trace:
#0 /home/username123/db.php(17): mysqli_connect('localhost', 'username123_dbname...', 'password', 'db_username', 1234)
#1 /home/username123/public_html/index.php(11): require_once('/home/username123/...')
#2 {main}
  thrown in /home/username123/db.php on line 17

And the line 17 in the db.php is this:

$con = mysqli_connect(HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_NAME, 1234) or die ("error");

I don't know why this happens. That db.php file is always there and visiting the home page doesn't have any problems.

But my question is this:

In the error log it shows the username and password and database name etc, How can I prevent that?

Answer 1

This happens because it's default behavior for exceptions in PHP. An uncaught exception gets converted to string when logged, and such a conversion includes adding a stack trace to the error message. And by default a stack trace would contain a list of arguments supplied for each function.

Yes, seeing your password openly in the logs can be uncomfortable. There are different options to deal with this.

1. Exclude sensitive information from the stack trace

Starting from PHP 8.2 it will be possible to exclude certain information from the stack trace. The most preferred method that is yet unavailable.

2. Exclude arguments from the stack trace

You can use zend.exception-ignore-args PHP configuration directive to temporarily disablie adding function arguments to the stack trace. You can do it like this

$ignore_args = ini_get('zend.exception_ignore_args');
ini_set('zend.exception_ignore_args', 1);
$con = mysqli_connect(HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_NAME, 1234);
ini_set('zend.exception_ignore_args', $ignore_args);

And your credentials will disappear from from the stack trace. Thus your error message will look like

[24-May-2022 00:18:28 UTC] PHP Fatal error:  Uncaught mysqli_sql_exception: No such file or directory in /home/username123/db.php:17
Stack trace:
#0 /home/username123/db.php(17): mysqli_connect()
#1 /home/username123/public_html/index.php(11): require_once('/home/username123/...')
#2 {main}
  thrown in /home/username123/db.php on line 17

This is not very useful option, as the very parameters we threw off could be the actual clue we are looking for to pinpoint the problem.

3. Leave everything as is

To be honest, whatever sensitive information can appear in any error message and any stack trace. You won't be able to redact every single sensitive parameter. Better concentrate on guarding your logs because error messages can be indispensable source of information even without passwords.