Closed beppe9000 closed 7 years ago
I often echo exceptions as HTML comments, and this would be a great security risk if the db wasn't rejecting remote connections. If the db is publicly accessible then pwning awaits.
Medoo could filter out login details and rethrow.
```
Exception::__set_state(array(
  'message' => 'SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed: Host sconosciuto. ',
  'string' => '',
  'code' => 0,
  'file' => 'C:\\#######\\medoo.php',
  'line' => 150,
  'trace' => array (
    0 => array (
      'file' => 'C:\\#######\\lib.php',
      'line' => 47,
      'function' => '__construct',
      'class' => 'medoo',
      'type' => '->',
      'args' => array (
        0 => array (
          'database_type' => 'mysql',
          'database_name' => '########',
          'server' => '##########',
          'username' => '######',
          'password' => '#####',
          'charset' => 'latin1',
          'option' => array ( 3 => 2, ),
        ),
      ),
    ),
    1 => array (
      'file' => '####',
      'line' => 755,
      'function' => '__construct',
      'class' => '#####',
      'type' => '->',
      'args' => array ( ),
    ),
    2 => array (
      'file' => 'C:\\#####\\index.php',
      'line' => 17,
      'args' => array ( 0 => 'C:\\######\lib.php', ),
      'function' => 'require_once',
    ),
  ),
  'previous' => NULL,
))
```
In fact, you should not enable displaying error messages while you are in a production environment.
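Added example (not Medoo's code and not from anyone in this thread): one way to dump an exception without the constructor arguments that carried the connection options in the trace above. `describeArg`, `safeExceptionData` and `FakeDb` are hypothetical names, and the option values are constructed.

```php
<?php
// Added example. FakeDb is a constructed stand-in for a class whose
// constructor receives connection options and throws on failure.

/** Describe an argument by type and array keys only, never by value. */
function describeArg($arg)
{
    if (is_array($arg)) {
        $shape = [];
        foreach ($arg as $key => $item) {
            $shape[$key] = describeArg($item);
        }
        return $shape;
    }
    return is_object($arg) ? get_class($arg) : gettype($arg);
}

/** Build a copy of the exception's data with every trace argument reduced to its shape. */
function safeExceptionData(Throwable $e): array
{
    $frames = [];
    foreach ($e->getTrace() as $frame) {
        if (isset($frame['args'])) { // absent when zend.exception_ignore_args is On
            $frame['args'] = array_map('describeArg', $frame['args']);
        }
        $frames[] = $frame;
    }
    return [
        'class' => get_class($e), 'message' => $e->getMessage(), 'code' => $e->getCode(),
        'file' => $e->getFile(), 'line' => $e->getLine(), 'trace' => $frames,
    ];
}

final class FakeDb
{
    public function __construct(array $options)
    {
        throw new RuntimeException('SQLSTATE[HY000] [2002] connection failed');
    }
}

try {
    // Constructed sample options; none of these values are real.
    new FakeDb(['server' => 'db.example.test', 'username' => 'app', 'password' => 'constructed-secret']);
} catch (Throwable $e) {
    $dump = var_export(safeExceptionData($e), true);
    echo $dump, PHP_EOL;
    echo strpos($dump, 'constructed-secret') === false ? "no option values in dump\n" : "LEAK\n";
}
```

Setting `zend.exception_ignore_args = On` in php.ini (PHP 7.4 and later) keeps arguments out of traces at the source. The exception message itself can still name hosts or users, so it needs the same care before being echoed.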