RE: Question about password character in ECPG's connection string

From: "Egashira, Yusuke" <egashira(dot)yusuke(at)jp(dot)fujitsu(dot)com>
To: 'Luca Ferrari' <fluca1978(at)gmail(dot)com>, Alban Hertroys <haramrae(at)gmail(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Cc: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, Giuseppe Sacco <giuseppe(at)eppesuigoccas(dot)homedns(dot)org>
Subject: RE: Question about password character in ECPG's connection string
Date: 2019-08-29 11:08:37
Message-ID: 848B1649C8A6274AA527C4472CA11EDD5FC78613@G01JPEXMBYT02
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

> > Perhaps it helps to URL-encode the & in the password as %26?
>
> The OP already did without success.

Yes, I already get failed with URL-encode the &.

> Could it be needed to escape the & with the backslash or single ticks?

Thanks. I tested with "pass\&word" and "'pass&word'".
However, them also failed...

My tested ways are followings.
- [ECPG] Connection option with plain string :
EXEC SQL CONNECT "tcp:postgresql://localhost?user=myuser&password=pass&word"
-> Failed.
- [ECPG] Connection option with percent-encoded string :
EXEC SQL CONNECT "tcp:postgresql://localhost?user=myuser&password=pass%26word"
-> Failed.
- [ECPG] Connection option with backslash escaped string :
EXEC SQL CONNECT "tcp:postgresql://localhost?user=myuser&password=pass\&word"
-> Failed. (and gcc claims warning)
- [ECPG] Connection option with single-quoted string :
EXEC SQL CONNECT "tcp:postgresql://localhost?user=myuser&password='pass&word'"
-> Failed.
- [ECPG] USING or IDENTIFIED BY phrase :
EXEC SQL CONNECT "tcp:postgresql://localhost" USER "myuser" USING "pass&word"
EXEC SQL CONNECT "tcp:postgresql://localhost" USER "myuser" IDENTIFIED BY "pass&word"
-> Success.
- [psql] Connection option with plain string :
psql "postgresql://localhost?user=myuser&password=pass&word"
-> Failed.
- [psql] Connection option with percent-encoded string :
psql "postgresql://localhost?user=myuser&password=pass%26word"
-> Success.

According to my tests, I think that the ECPG's connection_option seems not to accept '&' character as password anyhow...
ECPG CONNECT's connection_option seems to have some restricted characters.
I will use "IDENTIFIED BY" phrase to connect the database in my ECPG application.

The database role's password often contains '&' in our environment.
I hope to this limitation will be documented because it causes confusion.

Regards.
--
Yusuke, Egashira

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Luca Ferrari 2019-08-29 11:34:23 Re: Question about password character in ECPG's connection string
Previous Message Erika Knihti-Van Driessche 2019-08-29 11:00:21 Security patch older releases