Hi,
There is exception occurs when you try to create password with illegal characters in it.
For example, if you go to MySQL database user creation page and try to create user with the following password: P'ass\or"d1 (note backslash and quotes).
The following exception is thrown:
System.Exception: Exception of type 'System.Exception' was thrown.
Event Viewer:
ERROR: 'MySQL Server 5.1' CreateUser
MySql.Data.MySqlClient.MySqlException: #42000You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ass\or"d1'' at line 1
at MySql.Data.MySqlClient.PacketReader.CheckForError()
at MySql.Data.MySqlClient.PacketReader.ReadHeader()
at MySql.Data.MySqlClient.PacketReader.OpenPacket()
at MySql.Data.MySqlClient.NativeDriver.ReadResult(Int64& affectedRows, Int64& lastInsertId)
at MySql.Data.MySqlClient.CommandResult.ReadNextResult(Boolean isFirst)
at MySql.Data.MySqlClient.CommandResult..ctor(Driver d, Boolean isBinary)
at MySql.Data.MySqlClient.NativeDriver.SendQuery(Byte[ bytes, Int32 length, Boolean consume)
at MySql.Data.MySqlClient.MySqlCommand.GetNextResultSet(MySqlDataReader reader)
at MySql.Data.MySqlClient.MySqlCommand.Consume()
at MySql.Data.MySqlClient.MySqlCommand.ExecuteNonQuery()
at DotNetPanel.Providers.Database.MySqlServer.ExecuteNonQuery(String commandText, String connectionString)
at DotNetPanel.Providers.Database.MySqlServer.CreateUser(SqlUser user, String password)
at DotNetPanel.Server.DatabaseServer.CreateUser(SqlUser user, String password)
Could you make password validator to give a notice that tricky characters like ' (quote), " (double quote), \ (backslash) are not allowed in the password?
Or just escape them somehow? Or add "Allowed/Illegal characters" field to MySQL password policy?
w2k3 se sp2 x32, DNP v2.8.11, MySQL 5.1.31
Thank you!