Skip Menu |
 

This queue is for tickets about the DBD-mysql CPAN distribution.

Report information
The Basics
Id: 108650
Status: resolved
Priority: 0/
Queue: DBD-mysql

People
Owner: Nobody in particular
Requestors: NStevens [...] websense.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Password parameter to login
Date: Tue, 10 Nov 2015 12:11:02 +0000
To: "bug-DBD-mysql [...] rt.cpan.org" <bug-DBD-mysql [...] rt.cpan.org>
From: "Stevens, Norman" <NStevens [...] websense.com>
Download (untitled) / with headers
text/plain 1.5k
The mysql C function mysql_real_connect distinguishes between null and the empty string for the password parameter. The perl connect however converts the empty string to NULL so does not maintain the functionality of the underlying mysql library. To use a value specified in a defaults file most of the parameters to mysql_real_connect can be passed as the empty string or null, however for the password parameter only the null value results in use of the value from the defaults file. To quote the documentation at https://dev.mysql.com/doc/refman/5.5/en/mysql-real-connect.html "For passwd, specify a value of NULL. (For the password, a value of the empty string in the mysql_real_connect() call cannot be overridden in an option file, because the empty string indicates explicitly that the MySQL account must have an empty password.)" However the perl implementation does not maintain the difference. The function save_hv_fetch replaces the empty string with NULL. (dbdimp.c line 2014). This results in incorrect behaviour. Given the definition of the C function I would expect the perl connect to use the value from the defaults file only if the password parameter is undef. A value of the empty string should not use the value from the defaults file. There is a workaround, the string "\0" for the password is not converted to NULL and is interpreted as the empty string by the mysql C library. NORMAN STEVENS Sr. Software Development Engineer RAYTHEON|WEBSENSE ph: +44.118.938.8661 fax: +44.118.909.7161 www.websense.co.uk<http://www.websense.co.uk> ENTER A NEW ERA OF CYBERSECURITY


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.