Replace PQconnectdb() by PQconnectdbParams() #384

Merged (4 commits), Apr 14, 2024

@za-arthur (Collaborator) commented Feb 28, 2024

A value in a connection string should be quoted if it can contain spaces:
https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING-KEYWORD-VALUE

An alternative approach is to use PQconnectdbParams() instead of PQconnectdb(). This should be a more solid approach to pass the password and other connection options, which doesn't require escaping value strings.

Issue: #382

@jschaf jschaf left a comment

This would fix my issue--left a suggestion for covering all cases.

@@ -62,7 +62,7 @@ setup_workers(int num_workers)
if (username && username[0])
appendStringInfo(&buf, "user=%s ", username);
if (password && password[0])
appendStringInfo(&buf, "password=%s ", password);
appendStringInfo(&buf, "password='%s' ", password);
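Review bot: the `password='%s' ` line interpolates the raw password between the quotes, so a password containing a single quote or a backslash ends or alters the quoted value and the rest of it is parsed as further connection-string text. The `user=%s ` line two lines up is still unquoted and breaks in the same way on a username with a space. Suggest escaping `\` and `'` in every value before appending it, or passing the keywords and values as separate arrays to PQconnectdbParams() so that no quoting is needed.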

That'll work for most passwords (and mine), but this approach won't work for passwords that contain single quotes.

https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING-KEYWORD-VALUE

To make it bulletproof: when wrapping with single quotes, we'd need to scan the string and:

  • Prefix any backslash with a backslash.
  • Prefix any single quote with a backslash.
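
The two escaping rules above, as an added C example that is not code from this pull request, the project or libpq: `quote_conn_value()` and `read_quoted_value()` are hypothetical helpers, and the sample password is constructed. The reader function applies the same rule in reverse to show that an escaped value round-trips.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not the project's or libpq's code): write value into
 * dst as a single-quoted conninfo value, prefixing each backslash and single
 * quote with a backslash. Returns the length written, or -1 if dst is too small. */
static int quote_conn_value(const char *value, char *dst, size_t dstlen)
{
    size_t n = 0;
    if (dstlen < 3) return -1;                  /* room for '' and the NUL */
    dst[n++] = '\'';
    for (; *value; value++) {
        size_t need = (*value == '\\' || *value == '\'') ? 2 : 1;
        if (n + need + 2 > dstlen) return -1;   /* keep room for closing quote + NUL */
        if (need == 2) dst[n++] = '\\';
        dst[n++] = *value;
    }
    dst[n++] = '\'';
    dst[n] = '\0';
    return (int) n;
}

/* Read a quoted value back by the same rule: a backslash makes the next
 * character literal, an unescaped quote ends the value. Returns a pointer
 * just past the closing quote, or NULL if the input is malformed. */
static const char *read_quoted_value(const char *src, char *out, size_t outlen)
{
    size_t n = 0;
    if (*src++ != '\'') return NULL;
    while (*src && *src != '\'') {
        if (*src == '\\' && src[1]) src++;      /* take the escaped char literally */
        if (n + 1 >= outlen) return NULL;       /* keep room for the NUL */
        out[n++] = *src++;
    }
    if (*src != '\'') return NULL;              /* unterminated quoted value */
    out[n] = '\0';
    return src + 1;
}

int main(void)
{
    char q[64], v[64];                          /* sample password is constructed */
    if (quote_conn_value("pa ss'w\\d", q, sizeof q) < 0) return 1;
    printf("password=%s\n", q);
    return read_quoted_value(q, v, sizeof v) && strcmp(v, "pa ss'w\\d") == 0 ? 0 : 1;
}
```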

Collaborator Author

That makes sense 👍. I see a couple of ways of resolving other cases:

  • The simpler approach is to copy the function appendConnStrVal(). libpgfeutils started sharing it only after Postgres 9.6.
  • IMHO the proper approach would be to use PQconnectdbParams(), which doesn't require connection parameters values and which is used by most of the PostgreSQL client applications.

Collaborator Author

With commit 135df8b I replaced the call of PQconnectdb() by PQconnectdbParams(). This should be a more solid approach to pass the password and other connection options, which doesn't require escaping value strings.

Much appreciated! I don't see anything glaringly wrong, but I have very little C experience.

Collaborator

@andreasscherbaum andreasscherbaum left a comment

Looks good. Thanks for keeping older versions alive.

@za-arthur
Collaborator Author

Thanks for the approval. I'm merging the PR.

@za-arthur za-arthur changed the title from "Quote passwords in a connection string" to "Replace PQconnectdb() by PQconnectdbParams()" Apr 14, 2024
@za-arthur za-arthur merged commit 90da0a2 into master Apr 14, 2024
18 checks passed
@za-arthur za-arthur deleted the issue_383_whitespace_in_password branch April 14, 2024 17:06