Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A DbConnection param with a random password (with non char signs) is misinterpreted #150

Open
rduivenvoorde opened this issue Oct 27, 2023 · 1 comment
Labels
question Further information is requested

Comments

@rduivenvoorde
Copy link

I had a db connection with a random password,

So something like (I replaced alle names except the changed but lookalike passwd):
DbConnection = "postgresql://user:6Ni,ron.TSDk3Y#a@host/dbname"

I was not able to start pg_featureserv with that because:

cannot parse 'postgresql://user:6Ni,ron.TSDk3Y#a@host/dbname': failed to parse as URL (parse "postgresql://user:6Ni,ron.TSDk3Y": invalid port ":6Ni,ron.TSDk3Y" after host)

Apparently the :6 made pg_featureserv think that that was a portnumber?

I understand it is difficult to find heuristics to handle this, but thought to let it know.

I was able to work around this (I'm not able to change the password...), by using a DATABASE_URL environment param:

export DATABASE_URL="host=host port=5432 dbname=dbname user=user password=6Ni,ron.TSDk3Y#a connect_timeout=10 sslmode=require"

@jamesscottbrown
Copy link

tl;dr - URL encode the # as %23.

Apparently the :6 made pg_featureserv think that that was a portnumber?

I think the problem is actually the #, rather than the :6.

The connection string gets passed through topgxpool.ParseConfig (in pgx/v4/pgxpool), and then to parseURLSettings in pgx/pgconn, which tries to parse it using the url.Parse function provided by the net/url package in Go's standard library.

This function expects URLs to have the scheme: [scheme:][//[userinfo@]host][/]path[?query][#fragment]. It thinks everything after the # is the fragment of the URL; as this removes the @, it doesn't expect to see any userinfo, so thinks that user:6Ni,ron.TSDk3Y is a host:port, and complains that the port in invalid.

Demo:

package main

import (
	"fmt"
	"net/url"
)

func main() {
	connString := "postgresql://user:6Ni,ron.TSDk3Y%23a@host/dbname"

	url, err := url.Parse(connString)
	if err != nil {
		fmt.Print("FAILED TO PARSE", err)
	}

	if password, present := url.User.Password(); present {
		fmt.Print("The extracted password: ", password)
	}
}

prints:

The extracted password: 6Ni,ron.TSDk3Y#a

@dr-jts dr-jts added the question Further information is requested label Mar 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Further information is requested
Projects
None yet
Development

No branches or pull requests

3 participants