New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Escape URL-unsafe characters in DB connection string #2532
Comments
Seems like something we shouldn't support, especially since the ansible install auto-generates a safe password anyway. What's preventing you from using a character only DB password? |
Is Ansible part of Lemmy?
It's literally how URLs work by specification. And you're not "supporting" it, the maintenance burden is literally zero.
What mandates one? You mean alphanumeric only because punctuation marks are also characters. Also what mandates the 60 char max password length enforced by the frontend? You guys are hashing em, right? |
Ansible is how you install lemmy, from our docs: https://join-lemmy.org/docs/en/administration/administration.html Read the link I provided you over in the other thread for why you shouldn't use special characters for postgres passwords, db names, etc. |
Hashing and checking passwords is resource intensive, and some character limit is necessary no matter what. No unhashed passwords are stored in the DB, we are hashing them with https://github.com/Keats/rust-bcrypt |
From the docs:
(emphasis mine) Great! So I went with Docker, simply because Ansible is not available in my environment; either way, the code causing the issue is neither part of Docker nor Ansible - it's part of the scope of the Lemmy application, though. That a particular deployment method successfully generates configuration has no bearing on how the application itself handles the configuration that is actually provided to it. |
No probs, just know that DB connection strings / URLs are finicky, which is why pretty much every app you'll see uses no special characters for the DB password. |
Issue Summary
I like my passwords with extra weird characters. However Lemmy seems to do naive string templating when building the PostgreSQL connection string. So if the password happens to contain e.g. a colon, the whole thing break.
Steps to Reproduce
Set a DB password containing a URL-unsafe character in
config.hjson
, and try to launch Lemmy.Technical details
Maybe you gotta percent-encode the data from the config that goes into the connection URL?
The text was updated successfully, but these errors were encountered: