Issue 115573

Summary: Unquoted password in connection string of sdbc-postgresql
Product: Base Reporter: sergwish <sergwish>
Component: codeAssignee: AOO issues mailing list <issues>
Status: UNCONFIRMED --- QA Contact:
Severity: Trivial    
Priority: P3 CC: issues, lionel, r4zoli
Version: OOO320m19   
Target Milestone: ---   
Hardware: PC   
OS: Windows, all   
Issue Type: DEFECT Latest Confirmation in: ---
Developer Difficulty: ---

Description sergwish 2010-11-14 11:54:29 UTC 
Password is appended to connection string unquoted. This prevents users from
logging in if their password contains spaces or colons. This can also be used to
breach security, redirecting connection to a different host/port/database by
adding connection parameters after a space character in password field.

Workaround for passwords with colons and spaces is to single-quote password by hand.

Workaround for security breach is unknown.
Comment 1 r4zoli 2010-12-31 08:42:54 UTC 
Set priority bac to P3, according to:
http://qa.openoffice.org/scdocs/ddIssues_EnterModify.html#priority

@ jbu
Please review it.
Comment 2 lmamane 2011-09-06 00:16:45 UTC 
Indeed. This is fixed in a new version of postgresql-sdbc which I'll release "really soon now"; see http://wiki.documentfoundation.org/PostgreSQL-SDBC .
Comment 3 Rob Weir 2013-07-30 02:45:17 UTC 
Reset assignee on issues not touched by assignee in more than 1000 days.