Skip to content

Undefined index: password when no mysql password is set #184

Closed
jianyuan opened this Issue Feb 11, 2013 · 6 comments

6 participants

@jianyuan

If you use mysql (or any database which requires a login) and do not define a password in the configuration file, the following undefined index error will appear:

Notice: Undefined index: password in C:\xampp\htdocs\bolt\app\classes\lib.php on line 957

@maxfierke

Perhaps the dashboard should issue a loud complaint instead, as there is no good reason, in a production site, not use a password for a MySQL user.

@bobdenotter
Bolt member

I agree. There's no good reason to use MySQL without a password. I'm going to fix this.

@bobdenotter bobdenotter added a commit that closed this issue Feb 16, 2013
@bobdenotter bobdenotter Display an error when either Postgres or MySQL is selected, but datab…
…asename or password is omitted from the config. Fixes #184.
e8eb7c8
@WilliamVercken

Hi,

I have a good reason to use MySQL without a password : sometimes, we don't have the choice !
I use a cloud hosting service, Gandi Simple Hosting, that provide me a securised access to my database with host : "localhost" / user : "root" / password : "". And I can't change it !

I just discovered Bolt, and I wanted to install it for testing, and... I can't. :)
Even with my local Wamp, I don't have any password (just the same localhost / root / ...), and I can't test this CMS...

Can you do something for people like me ? :)

@tobias2k
@WilliamVercken

No I can't, I only have MySQL, pgSQL and MongoDB. ( https://www.gandi.net/hebergement/simple?language=php )
Even if I had the choice, all my website on this server are on MySQL.

I understand I can be a problem to not have password for the database, but in my case it is not, and I just want to have the choice... I wanted to test Bold without changing my configs. It not about "promoting bad practice". ( #262 (comment) ) :)

@marcj
marcj commented Jan 20, 2014

Forcing the user/dev to have a password set is really not a good idea. Many many developers have mysql locally installed to debug/test etc. They usually don't have a password set because the server is bound to loopback interface or hostname is restricted to "localhost" and therefore its useless to set a password. Also some cloud provider do not set a mysql password but limit the access on TCP level, which is usually more secure. (which is sometimes needed to automatically boot new load-balancer slave instances while not saving the password in the repository/image)

MySQL and PostgreSQL do support also more authentication methods than the good old password login. Restricting that isn't a good idea IMHO.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.