Database connection string disclosed
Description: Database connection string disclosed
A database connection string specifies information about a data source and the means of connecting to it. In web applications, connection strings are generally used by the application tier to connect to the back database used for storing application data. They are usually read from server-side configuration files or hard-coded into application source code.
Remediation: Database connection string disclosed
It is almost never necessary for applications to disclose database connection strings to clients. The reason for the disclosure should be reviewed and addressed.
- CWE-15: External Control of System or Configuration Setting
- CWE-497: Exposure of System Data to an Unauthorized Control Sphere
- CAPEC-37: Retrieve Embedded Sensitive Data