Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The Postgres PDO driver is treating backslashes in passwords as escape characters. So passwords containing backslashes arrive at the server with the backslash missing or some weird escape stuff going on.
The PDO bug with example is here:
http://bugs.php.net/bug.php?id=53217
Attached patch doubles up the backslashes to work around the problem.
Comment | File | Size | Author |
---|---|---|---|
pdo_pgsql_password_backslash.patch | 1.11 KB | bellHead | |
Comments
Comment #1
Crell CreditAttribution: Crell commentedThat's a superb code comment. :-) The testbot isn't really useful here since it only runs MySQL, so I defer to one of the Postgres maintaners to RTBC this.
Comment #2
Josh Waihi CreditAttribution: Josh Waihi commentedWhat version of PostgreSQL is this effected in? I'm using PostgreSQL 9 with PHP 5.3, using a backslash in my password worked fine. All I did was change my password to "\1Geo" then login again. No errors, no issues.
Comment #3
bellHead CreditAttribution: bellHead commentedI've got 8.4, but I don't think the pg version matters. I was seeing the missing \ on the wire to the server.
I'm rebuilding my ahead-of-repository-versions system at the moment and I'll give it another bash, including testing a wider range of possibilities for placing \ in the password (since my initial test had it in a pair with another punctuation mark).
Comment #4
bellHead CreditAttribution: bellHead commentedI'm still getting the error.
To reproduce:
Comment #5
Josh Waihi CreditAttribution: Josh Waihi commentedOk, this makes sense to me now. I'm happy with the commit. Its kinda minor since its more a PostgreSQL specific issue than anything to do with Drupal.
Comment #6
catchComment #7
Dries CreditAttribution: Dries commentedI'm confused though. Josh reported that it worked for him, but apparently it is broken on all PDO versions. Thoughts?
Comment #8
bellHead CreditAttribution: bellHead commentedIt is broken in all PDO versions. I think that Josh had trouble reproducing it because he didn't actually get a password with a backslash set up to test with - as I mentioned in #4 the backslash needs to be escaped in the CREATE USER or ALTER USER command to have an effect.
Comment #9
Dries CreditAttribution: Dries commentedNo word from Josh yet.
I've decided to commit the above patch to 7.x and 8.x as there is enough evidence that this is an issue with PDO.
Josh can always re-open the issue if necessary.
Comment #10
Josh Waihi CreditAttribution: Josh Waihi commentedThanks Dries. As bellHead suggested, its a limitation with PDO rather than a bug with Drupal. It can be easily avoided by not using backslashes in the password to connect the database. Albeit, not an ideal solution, I'm fine with it.
IMO, its better to run passwordless accounts over SSL with proper configured pg_hba.conf since database credentials are readable in settings.php anyway.