[MDEV-13295] Function PASSWORD does not treat backslashes literally Created: 2017-07-11 Updated: 2017-07-11 Resolved: 2017-07-11 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Parser |
| Affects Version/s: | 10.1.23 |
| Fix Version/s: | N/A |
| Type: | Bug | Priority: | Major |
| Reporter: | Bernhard Kirchen | Assignee: | Sergei Golubchik |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Environment: |
Debian Stretch |
||
| Description |
|
When altering the password for a user using the mariadb monitor, backslash characters are not treated literally although in quotation marks:
Result: User must log in using passwod "abcdef".
Result: User must log in using password "abc\def" (typing one backslash with the keyboard). I find this very confusing and nearly locked myself out of my databases (resetting password for root user). |
| Comments |
| Comment by Sergei Golubchik [ 2017-07-11 ] |
|
First, it cannot be fixed (in the current architecture) — first SQL parser parser the query, at this point it interprets escaped characters in a string, then when PASSWORD function is involved it does not see backslashes to "treat them literally", it gets the string after the SQL parser, with backslashes already handled. Second, even if it would be possible to fix, it shouldn't be. If it'd be fixed, one wouldn't be able to create a password with certain characters. Anyway, if you don't want backslash to be used as an escape characters, you can set sql_mode to NO_BACKSLASH_ESCAPES. |