Issue 115573 - Unquoted password in connection string of sdbc-postgresql
Summary: Unquoted password in connection string of sdbc-postgresql
Alias: None
Product: Base
Classification: Application
Component: code (show other issues)
Version: OOO320m19
Hardware: PC Windows, all
: P3 Trivial (vote)
Target Milestone: ---
Assignee: AOO issues mailing list
QA Contact:
Depends on:
Reported: 2010-11-14 11:54 UTC by sergwish
Modified: 2013-07-30 02:45 UTC (History)
3 users (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Note You need to log in before you can comment on or make changes to this issue.
Description sergwish 2010-11-14 11:54:29 UTC
Password is appended to connection string unquoted. This prevents users from
logging in if their password contains spaces or colons. This can also be used to
breach security, redirecting connection to a different host/port/database by
adding connection parameters after a space character in password field.

Workaround for passwords with colons and spaces is to single-quote password by hand.

Workaround for security breach is unknown.
Comment 1 r4zoli 2010-12-31 08:42:54 UTC
Set priority bac to P3, according to:

@ jbu
Please review it.
Comment 2 lmamane 2011-09-06 00:16:45 UTC
Indeed. This is fixed in a new version of postgresql-sdbc which I'll release "really soon now"; see .
Comment 3 Rob Weir 2013-07-30 02:45:17 UTC
Reset assignee on issues not touched by assignee in more than 1000 days.