To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=115573 Issue #|115573 Summary|Unquoted password in connection string of sdbc-postgre |sql Component|Database access Version|OOO320m19 Platform|PC URL| OS/Version|Windows, all Status|UNCONFIRMED Status whiteboard| Keywords| Resolution| Issue type|DEFECT Priority|P2 Subcomponent|none Assigned to|dbaneedsconfirm Reported by|sergwish
------- Additional comments from [email protected] Sun Nov 14 11:54:29 +0000 2010 ------- Password is appended to connection string unquoted. This prevents users from logging in if their password contains spaces or colons. This can also be used to breach security, redirecting connection to a different host/port/database by adding connection parameters after a space character in password field. Workaround for passwords with colons and spaces is to single-quote password by hand. Workaround for security breach is unknown. --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
