bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License

Huge security risk on connection timeout #483

Open dhofstetter opened 9 years ago

dhofstetter commented 9 years ago

When we have the case that for some circumstances the database is not available and so the connection is not available, then there is the PDOException, which is quite ok so far. But not handling this exception somewhere and firing a new one is quite bad. The reason is that the current way makes your username and password available to everyone who can at least see the PHP error output if enabled.

As you can see here the constructor arguments to OAuth2/Storage/Pdo are shown as strings. It would be better not to rely on disabled PHP error output, as this might not be the case everywhere, and a database cannot be available every time.

```text
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000] [2002] Connection refused' in /home/.sites/65/site9693764/web/portal/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php:53
Stack trace:
#0 /home/.sites/65/site9693764/web/portal/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php(53): PDO->__construct('mysql:host=127....', 'dev', 'dev', Array)
#1 /home/.sites/65/site9693764/web/portal/vendor/zfcampus/zf-oauth2/src/Adapter/PdoAdapter.php(89): OAuth2\Storage\Pdo->__construct(Array, Array)
#2 /home/.sites/65/site9693764/web/portal/vendor/zfcampus/zf-oauth2/src/Factory/PdoAdapterFactory.php(45): ZF\OAuth2\Adapter\PdoAdapter->__construct(Array, Array)
#3 [internal function]: ZF\OAuth2\Factory\PdoAdapterFactory->createService(Object(Zend\ServiceManager\ServiceManager), 'zfoauth2adapter...', 'ZF\OAuth2\Adapt...')
#4 /home/.sites/65/site9693764/web/portal/vendor/zendframework/zendframework/library/Zend/ServiceManager/ServiceManager.php(902): call_user_func(Array, Object(Zend\ServiceM in /home/.sites/65/site9693764/web/portal/vendor/zendframework/zendframework/library/Zend/ServiceManager/ServiceManager.php on line 909
```

Don't know if this is an issue of interest but I think so

Gargaj commented 9 years ago

This is not an issue of this project but an issue of PDO: http://security.stackexchange.com/questions/15452/should-passwords-be-revealed-in-error-message

You can avoid this by wrapping the PDO construction in a try/catch.

I agree, however, that it should possibly be included in the example files as such.
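A connection helper in the spirit of the try/catch suggested above, added here as an example; it is not code from oauth2-server-php or zf-oauth2, and the function names and config array keys are this example's own. It shows why the credential-bearing PDO frame leaks, and how to rethrow so that neither the trace nor a chained exception carries the DSN, username or password.

```php
<?php
// Added example (not the library's code). The leak in the issue is the frame
//   PDO->__construct('mysql:host=...', 'dev', 'dev', Array)
// PHP records call arguments in exception traces, so any frame that received
// the credentials as plain strings prints them when the exception is uncaught.

function connectUnsafe(array $config): PDO
{
    // The PDOException escapes with the credential-bearing frame intact.
    return new PDO($config['dsn'], $config['username'], $config['password']);
}

function connectSafe(array $config): PDO
{
    // Credentials travel inside an array, so this frame renders as
    // connectSafe(Array) in a trace instead of showing the values.
    try {
        return new PDO($config['dsn'], $config['username'], $config['password'], [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    } catch (PDOException $e) {
        // Keep the driver detail (SQLSTATE + message, no credentials) in the
        // server log for operators only.
        error_log(sprintf('DB connection failed: [%s] %s', $e->getCode(), $e->getMessage()));
        // Throw a fresh exception from this frame. Do NOT pass $e as $previous:
        // the uncaught-exception handler prints the whole chain, and
        // $e->getTrace() still holds the real argument values.
        throw new RuntimeException('Database connection unavailable');
    }
}

// Constructed config for demonstration: nothing listens on port 1, so the
// connection is refused and the sanitized error path runs.
$config = [
    'dsn'      => 'mysql:host=127.0.0.1;port=1;dbname=oauth2',
    'username' => 'dev',
    'password' => 'dev',
];

try {
    connectSafe($config);
} catch (RuntimeException $e) {
    // The trace shows connectSafe(Array); the string 'dev' never appears.
    echo $e->getMessage(), "\n", $e->getTraceAsString(), "\n";
}
```

As defense in depth on PHP 7.4 and later, `zend.exception_ignore_args=On` in php.ini stops arguments from being recorded in exception traces at all, so even the unsafe variant would then print only the message.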