#30307: dbshell doesn't pass password properly on Oracle 18c.
-------------------------------------+-------------------------------------
     Reporter:  Mark Gordon          |                    Owner:  msg555@…
         Type:  Bug                  |                   Status:  assigned
    Component:  Database layer       |                  Version:  2.2
  (models, ORM)                      |
     Severity:  Normal               |               Resolution:
     Keywords:  oracle dbshell       |             Triage Stage:  Accepted
  runshell                           |
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Mark Gordon):

 Are you finding documentation about this anywhere?

 Apologies if you were just being brief, but let's make sure we're talking
 about the same thing. If

 sqlplus -L username/\"p@ssword\"@localhost:1521/some_database

 is what you entered on the command line then yes it will work because the
 normal shell escaping mechanisms will convert the \" sequence to just a
 double quote when passed to the underlying sqlplus command. However, there
 is no such unescaping shell layer when you use the array form of
 subprocess.run; the arguments are passed literally, meaning that there's
 going to be random backslashes in the password portion of the connect
 string.

 e.g. if you ran


 sqlplus -L 'username/\"p@ssword\"@localhost:1521/some_database'

 which is the equivalent of what dbshell is doing then it should fail.

 Additionally, there are no tests of this function in the codebase as far
 as I can tell. The PR that introduced this change did not add tests for
 the dbshell related functionality.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/30307#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
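
The difference described in the comment above, as an added example (not part of the ticket and not Django's code): `shlex.split` stands in for the POSIX shell's quote and backslash removal, and a small Python child process reports the argv it receives from the list form of `subprocess.run`. The helper names are hypothetical; the two command lines are the ones quoted in the comment.

```python
import json
import shlex
import subprocess
import sys

# Command lines quoted in the ticket comment (the password is the comment's sample value).
TYPED_AT_SHELL = r'sqlplus -L username/\"p@ssword\"@localhost:1521/some_database'
SINGLE_QUOTED = r"""sqlplus -L 'username/\"p@ssword\"@localhost:1521/some_database'"""


def argv_after_shell(command_line):
    """Approximate the argv a POSIX shell builds after quote and backslash removal."""
    return shlex.split(command_line, posix=True)


def argv_seen_by_child(args):
    """Pass args in list form (no shell) to a child that reports the argv it received."""
    echo = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))"]
    result = subprocess.run(echo + list(args), capture_output=True, text=True, check=True)
    return json.loads(result.stdout)


def stray_backslashes(args):
    """Return the arguments that still contain a literal backslash."""
    return [a for a in args if "\\" in a]


if __name__ == "__main__":
    cases = (("typed at shell", TYPED_AT_SHELL), ("single-quoted", SINGLE_QUOTED))
    for label, line in cases:
        # Drop argv[0] ("sqlplus"); only the arguments are forwarded to the echo child.
        received = argv_seen_by_child(argv_after_shell(line)[1:])
        flagged = bool(stray_backslashes(received))
        print(f"{label:15} -> {received[-1]}  stray backslashes: {flagged}")
```

A regression test for a shell-out helper can assert on the argument list in the same way, without needing a database or the `sqlplus` binary.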
