in DAL there are 2 similar REGEXes at the top that parse the DAL uri. The
method "hide_password()" should hide the password and not the user from the
uri....a simple script to reproduce
import re
REGEX_PASSWORD = re.compile('\://([^:@]*)\:')
REGEX_NOPASSWD = re.compile('(?<=\:)([^:@/]+)(?=@.+)')
uri = 'postgres://mdipierro:password@localhost/test'
#actual method
print REGEX_PASSWORD.sub('://******:',uri)
>> postgres://******:password@localhost/test
#proposed method
print REGEX_NOPASSWD.sub('******',uri)
>> postgres://mdipierro:******@localhost/test
Currently the 1st is used, I'd suggest the 2nd unless there is some reason
behind it.
Il giorno venerdì 11 gennaio 2013 15:14:42 UTC+1, Massimo Di Pierro ha
scritto:
>
> I am not sure I understand the context. Can you show me a code example?
>
> On Friday, 11 January 2013 05:37:23 UTC-6, Niphlod wrote:
>>
>> yep, don't know why ....
>>
>> seems that hide_password() should be among the lines of
>>
>> def hide_password(uri):
>> return REGEX_NOPASSWD.sub('******',uri)
>>
>> On Friday, January 11, 2013 11:01:45 AM UTC+1, Joel Samuelsson wrote:
>>>
>>> Using version 2.3.2 (stable) by the way.
>>>
>>> Den fredagen den 11:e januari 2013 kl. 10:59:24 UTC+1 skrev Joel
>>> Samuelsson:
>>>>
>>>> Not sure if this is the right place to submit a "bug report" but here
>>>> it goes:
>>>>
>>>> If you print a DAL object (using a MySQL adapter, at least) the
>>>> username is hidden but the password is still visible. To me it looks like
>>>> the regexp is at fault (gluon/dal.py):
>>>> REGEX_PASSWORD = re.compile('\://([^:@]*)\:')
>>>>
>>>
--
