[#MDEV-6177] FR: Throw a warning if password line in cnf file contains hash character (#)

[MDEV-6177] FR: Throw a warning if password line in cnf file contains hash character (#) Created: 2014-04-25 Updated: 2015-01-24 Resolved: 2015-01-24
Status:	Closed
Project:	MariaDB Server
Component/s:	OTHER
Fix Version/s:	N/A

Type:

Task

Priority:

Minor

Reporter:

Robert Voje

Assignee:

Unassigned

Resolution:

Won't Fix

Votes:

Labels:

client, cnf, connection

Description

When I have a # character in my password, and try to use a .cnf file for auto login, the parser seems to strip all characters after the hash in the cnf file.
I believe it's some kind of "comment stripper" in the code that's the culprit.
Since the # char is perfectly valid for passwords everywhere else (working in php, entered on command line, etc), the mysql client should at least yield a warning when finding a comment char in a password in some cnf file.

Comments

Comment by Robert Voje [ 2014-04-25 ]

Forgot to add example of my cnf file.

Working:
[client]
host=mysql.example.com
password=abc123

Not working:
[client]
host=mysql.example.com
password=abc#123

Comment by Elena Stepanova [ 2014-04-26 ]

As usually with valid yet not completely innocent symbols, enclosing the string into quotation marks solves the problem:

[client]

host=mysql.example.com

password='abc#123'

It is also explicitly documented in MySQL manual: https://dev.mysql.com/doc/refman/5.5/en/option-files.html

#comment, ;comment
Comment lines start with “#” or “;”. A “#” comment can start in the middle of a line as well.

opt_name=value

This is equivalent to --opt_name=value on the command line. In an option file, you can have spaces around the “=” character, something that is not true on the command line. You can optionally enclose the value within single quotation marks or double quotation marks, which is useful if the value contains a “#” comment character.

Comment by Robert Voje [ 2014-04-26 ]

Would be nice if it worked, but it doesn't. At least not my 10.0.10 server

Comment by Robert Voje [ 2014-04-26 ]

Forgot to add correct host while testing.
It works, but I still mean that it should be some warning here.

Comment by Robert Voje [ 2014-04-26 ]

It would be nice to be able to turn this bug into a feature request, but I can't find the way..

Comment by Sergei Golubchik [ 2015-01-24 ]

This is valid and documented behavior. MariaDB doesn't have any way to distinguish between an intentional comment or an unquoted hash character, so it has to rely on the user for that.

Generated at Thu Feb 08 07:09:56 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-6177] FR: Throw a warning if password line in cnf file contains hash character (#) Created: 2014-04-25 Updated: 2015-01-24 Resolved: 2015-01-24