Special characters in passwords

Recently I moved our website at work from one hosting provider to another. As we have several instances of the site (testing, demo, live etc.), each with their own separate database, I moved them one at a time, starting with the least important. The first three instances were migrated without any problems, but when it came to move the live instance it refused to connect to the database on the new host, even though all the other instances worked fine.

I couldn’t make head or tail of why the final instance would not connect to the database. Although each instance has its own database connection information, the rest of the code is identical. I could connect to MySQL manually on the command line without any problems, so it didn’t seem to be a case of supplying the wrong credentials. Matthew at Bytemark spent the best part of an hour running through various diagnostics with me to see if there was a problem with the database connection, but to no avail. Eventually we resorted to editing the database library and getting it to print the credentials it was using to connect to the database, which is when we spotted the problem.

As usual, I’d used the mkpasswd command to generate a reasonably secure password, consisting of at least ten characters, for each database user. By chance, the password for the live instance contained a forward slash (/) character, whereas all the other passwords consisted purely of alphanumeric characters in a mixture of case. Normally this would seem like an excellent choice, as it supposedly makes the password harder to guess than a word taken from the dictionary, but unfortunately the forward slash is also used to separate two parts of the data source name (DSN). As a result, the database library thought part of the password (everything after the slash) was the database name, and this resulted in an invalid set of credentials. Changing the password to one without a slash immediately fixed the problem.

The moral of the story? You should probably stick to alphanumeric characters (a-z, A-Z, 0-9) in any passwords which will be used to establish connections, especially databases.
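An added example (not the post's code, and not any real database library's parser) that reproduces the failure described above with a hypothetical naive DSN parser, and shows the other way out: percent-encoding the credentials when building the DSN, so the full password survives without restricting the character set. The credentials, host and database name are constructed sample values.

```python
import re
from urllib.parse import quote, unquote, urlsplit

# Constructed sample credentials for the demonstration (not the post's real ones).
USER = "siteuser"
PASSWORD = "Ab3/kQ9xZt"   # an mkpasswd-style password that happens to contain a slash
HOST = "db.example.invalid"
DBNAME = "site_live"
SCHEME = "mysql"

# The DSN as it would be written with the password pasted in unencoded.
RAW_DSN = "%s://%s:%s@%s/%s" % (SCHEME, USER, PASSWORD, HOST, DBNAME)


def naive_parse_dsn(dsn):
    """Hypothetical parser that cuts the DSN at the first slash after the scheme
    and treats everything past it as the database name: the failure mode the
    post describes. The password is truncated and the host is lost."""
    scheme, rest = dsn.split("://", 1)
    before_db, _, dbname = rest.partition("/")
    user, password, host = re.match(r"^([^:@]*):?([^@]*)@?(.*)$", before_db).groups()
    return {"scheme": scheme, "user": user, "password": password,
            "host": host, "dbname": dbname}


def build_dsn(user, password, host, dbname, scheme=SCHEME):
    """Assemble a DSN with user and password percent-encoded, so a slash, colon,
    at-sign or percent sign in either can no longer be read as a delimiter."""
    return "%s://%s:%s@%s/%s" % (scheme, quote(user, safe=""),
                                  quote(password, safe=""), host, dbname)


def parse_dsn(dsn):
    """Parse a DSN with the standard URL parser and decode the userinfo part."""
    parts = urlsplit(dsn)
    return {"scheme": parts.scheme,
            "user": unquote(parts.username or ""),
            "password": unquote(parts.password or ""),
            "host": parts.hostname or "",
            "dbname": parts.path.lstrip("/")}


if __name__ == "__main__":
    print("naive parse of raw DSN:  ", naive_parse_dsn(RAW_DSN))
    print("URL parse of raw DSN:    ", parse_dsn(RAW_DSN))
    print("URL parse of encoded DSN:", parse_dsn(build_dsn(USER, PASSWORD, HOST, DBNAME)))
```

Even the standard URL parser mis-reads the raw DSN, since the first slash ends the host part; only the encoded form round-trips the password intact.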
