Special Characters in Passwords

Latest response

I find a lot of how-to's with security and passwords.  What I need to know is if there are restrictions in what types of characters can be used in good old plain text passwords?  For example, if we set a password connection to a database in the 8-ds.xml file to Jbo$$is@llRight#  why would it fail?  Should it work?  

Responses

Hello Liisa,

 

The only restriction would be invalid xml characters and/or restrictions imposed by RDBMS. Which EAP version you've observed the issue? I can try to reproduce it here in my local settings.

 

Thanks,

 

Usman

The issues were with $, @ and #, and we are currently working with EAP 5.1.2 and EnterpriseDB.  Thanks so much!

Hi Liisa,

 

EnterpriseDB is based on PostgreSQL, I just tested it with PostgreSQL 9 and it works without any issues:

 

postgres-ds.xml:

 

<datasources>
  <local-tx-datasource>
    <jndi-name>PostgresDS</jndi-name>
    <connection-url>jdbc:postgresql://localhost:5432/postgres</connection-url>
    <driver-class>org.postgresql.Driver</driver-class>
    <user-name>test</user-name>
    <password>Jbo$$is@llRight#</password>
        <!-- sql to call when connection is created.  Can be anything, select 1 is valid for PostgreSQL-->
        <new-connection-sql>select 1</new-connection-sql>
       

        <!-- sql to call on an existing pooled connection when it is obtained from pool.  Can be anything, select 1 is valid for PostgreSQL -->
        <check-valid-connection-sql>select 1</check-valid-connection-sql>
       

      <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml (optional) -->
      <metadata>
         <type-mapping>PostgreSQL</type-mapping>
      </metadata>
  </local-tx-datasource>

</datasources>

index.jsp:

 

<%@page import="javax.sql.DataSource"%>
<%@page import="javax.naming.InitialContext"%>
<%@page import="javax.naming.Context"%>
<%@page import="java.sql.*"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>DB Lookup</title>
</head>
<body>
Looking up PostgresDS ...<br />
<%
Context ic = new InitialContext();
DataSource ds = (DataSource) ic.lookup("java:/PostgresDS");
Connection con = ds.getConnection();
Statement s = con.createStatement();
ResultSet rs = s.executeQuery("SELECT 1");
rs.close();
s.close();
con.close();
%>
Passed!
</body>
</html>

Note that I created user 'test' as a superuser, here is the output of \du from psql in my settings:

postgres=# \du
                       List of roles
 Role name |            Attributes             | Member of
-----------+-----------------------------------+-----------
 postgres  | Superuser, Create role, Create DB | {}
 rhqadmin  |                                   | {}
 test      | Superuser, Create role, Create DB | {}

Can you double check whether the user you are testing has correct attributes, and/or, try altering password again (are you able to login to that user via psql?).

 

Can you post your -ds.xml file and the code that you are using to connect to database. Any log snippets from server.log to show exactly what error you are getting?

 

Thanks,

 

Usman