

If you don't catch an exception, PHP spills your MySQL account info by default - scrapcode
http://php.net/manual/en/pdo.connections.php

======
patio11
This is mitigated somewhat by most sane deployments using firewalls or similar
mechanisms to prevent access to MySQL from non-trusted hosts. If any box on
the Internet can already talk to MySQL, you're... not in an excellent security
posture.

------
scrapcode
Quoted from the above official PHP docs: "If your application does not catch
the exception thrown from the PDO constructor, the default action taken by the
zend engine is to terminate the script and display a back trace. This back
trace will likely reveal the full database connection details, including the
username and password. [...]"

------
SixSigma
Why are your errors going to the browser?
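
Added example (not from the thread or the PHP manual): one way to keep the PDO constructor's exception, and the back trace that carries its arguments, out of the response. The helper name `connect_db` and the `DB_DSN`/`DB_USER`/`DB_PASS` environment variables are assumptions, and the values set below are constructed so the connection fails.

```php
<?php
declare(strict_types=1);

// Errors go to the server log, never to the response body.
// In production php.ini, zend.exception_ignore_args=On (PHP 7.4+)
// additionally drops call arguments from every back trace.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Constructed sample configuration: nothing listens on port 1, so the
// constructor throws. Real deployments set these outside the code.
putenv('DB_DSN=mysql:host=127.0.0.1;port=1;dbname=app');
putenv('DB_USER=app_user');
putenv('DB_PASS=constructed-example-password');

/**
 * Hypothetical helper. Credentials are read inside the function, so no
 * frame of the exception thrown from here has them as arguments.
 */
function connect_db(): PDO
{
    try {
        return new PDO(
            (string) getenv('DB_DSN'),
            (string) getenv('DB_USER'),
            (string) getenv('DB_PASS'),
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
        );
    } catch (PDOException $e) {
        // Log the driver message and code only. The message can name the
        // user and host, so it belongs in the server log, not the page.
        // getTrace() is deliberately not logged: its PDO->__construct
        // frame holds the DSN, username and password.
        error_log(sprintf('DB connect failed [%s]: %s', $e->getCode(), $e->getMessage()));

        // No $previous argument: the original trace is not chained on.
        throw new RuntimeException('Database unavailable');
    }
}

try {
    $db = connect_db();
    echo "connected\n";
} catch (RuntimeException $e) {
    // The client sees a generic failure and nothing about the database.
    http_response_code(503);
    echo "Service temporarily unavailable.\n";
}
```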

