Re: Question about password character in ECPG's connection string

Adrian Klaver <adrian.klaver@aklaver.com>

From: Adrian Klaver <adrian.klaver@aklaver.com>
To: "Egashira, Yusuke" <egashira.yusuke@jp.fujitsu.com>, 'Giuseppe Sacco' <giuseppe@eppesuigoccas.homedns.org>, "pgsql-general@postgresql.org" <pgsql-general@postgresql.org>
Date: 2019-08-28T13:59:44Z
Lists: pgsql-general
On 8/27/19 6:18 PM, Egashira, Yusuke wrote:
> Hi, Giuseppe,
> 
> Thanks to response to my question!
> 
>> It seems to me that ECPG documentation does not allow specifying
>> username and/or password in the connection string. The correct syntax
>> should be:
>>
>> EXEC SQL CONNECT TO "unix:postgresql://localhost/connectdb" USER
>> "myuser" IDENTIFIED BY "pass&word"
> 
> Yes, I could connect to database with "USER" and "IDENTIFIED BY" phrase in CONNECT statement.
> However, I could also connect to database with password in connection string when my password does not contains '&' character.
> 
> 1. In database,
>     > CREATE ROLE myuser LOGIN PASSWORD 'password';
> 2. In ECPG application,
>     EXEC SQL CONNECT "tcp:postgresql://localhost?user=myuser&password=password";
>       -> The connection was succeeded.
> 
> This behavior confuse me.

My guess it that what is happening is:

1) Given password: my&pwd

2)  "tcp:postgresql://localhost?user=myuser&password=password" looks like

  "tcp:postgresql://localhost?user=myuser&password=my&pwd"

and password is parsed on the & and you also end up with an extra 
parameter pwd

Have you tried quoting the password?


> 
> If user and password cannot write in connection string, what are parameters allowed in "connection_option" ?
> I hope I can get this information from the ECPG documentation.
> 
> Regards.
> 
> --
> Yusuke, Egashira.
> 


-- 
Adrian Klaver
adrian.klaver@aklaver.com



Commits

  1. Doc: describe the "options" allowed in an ECPG connection target string.

  2. Cosmetic improvements for options-handling code in ECPGconnect().