If you use mysql (or any database which requires a login) and do not define a password in the configuration file, the following undefined index error will appear:
Notice: Undefined index: password in C:\xampp\htdocs\bolt\app\classes\lib.php on line 957
Perhaps the dashboard should issue a loud complaint instead, as there is no good reason, in a production site, not use a password for a MySQL user.
I agree. There's no good reason to use MySQL without a password. I'm going to fix this.
Display an error when either Postgres or MySQL is selected, but datab…
…asename or password is omitted from the config. Fixes #184.
I have a good reason to use MySQL without a password : sometimes, we don't have the choice !
I use a cloud hosting service, Gandi Simple Hosting, that provide me a securised access to my database with host : "localhost" / user : "root" / password : "". And I can't change it !
I just discovered Bolt, and I wanted to install it for testing, and... I can't. :)
Even with my local Wamp, I don't have any password (just the same localhost / root / ...), and I can't test this CMS...
Can you do something for people like me ? :)
No I can't, I only have MySQL, pgSQL and MongoDB. ( https://www.gandi.net/hebergement/simple?language=php )
Even if I had the choice, all my website on this server are on MySQL.
I understand I can be a problem to not have password for the database, but in my case it is not, and I just want to have the choice... I wanted to test Bold without changing my configs. It not about "promoting bad practice". ( #262 (comment) ) :)
Forcing the user/dev to have a password set is really not a good idea. Many many developers have mysql locally installed to debug/test etc. They usually don't have a password set because the server is bound to loopback interface or hostname is restricted to "localhost" and therefore its useless to set a password. Also some cloud provider do not set a mysql password but limit the access on TCP level, which is usually more secure. (which is sometimes needed to automatically boot new load-balancer slave instances while not saving the password in the repository/image)
MySQL and PostgreSQL do support also more authentication methods than the good old password login. Restricting that isn't a good idea IMHO.