Unable to pass URL components ('#', '/', '?') in password for DATABASE_URL #871

Closed
Thomspoon opened this Issue Apr 24, 2017 · 5 comments


Thomspoon commented Apr 24, 2017

Hello,

Currently, the connection code uses the url crate to parse the connection string. This is fine, however, percent_encoding/decoding is not currently used in the project which leads the user to have to change their passwords if they use the characters '#', '/', or '?'.

For example: mysql://root:pass#word@localhost:3006/testing would result in a panic/error.

The solution to this is to allow the connection string to be: mysql://root:pass%23word@localhost:3006/testing and then use the percent_encoding functions to decode the password where it is matched.

This seems to be a limitation of the rust-url crate, where I've reached out to the developers, but to no avail. They are just following the url standard.


Contributor

YetAnotherMinion commented Apr 25, 2017

My opinion is that if you want to parse database connection strings, you should create a separate crate for that functionality instead of using a different grammar that is "kinda close" to what you actually want to parse. Then go into the authoritative C source code of the database drivers and use corrode to transfer the parsing grammar into Rust (or do it by hand).

edit: after reading the libpq source I can speak authoritatively that for Postgres

  • the user cannot contain the characters '@' and '/' but can contain the ':' character
  • the password cannot contain the '@' or ':' character but can contain the '/' character
  • the netloc cannot contain the ':', '/', '?', or ',' characters
  • the dbname cannot contain the '?' character

Thomspoon commented Apr 27, 2017

The problem is that the workaround for most other database connectors written in Rust is to use percent-encoding, since most are URL based and therefore use the URL parsing standard. The percent-encoding allows you to use your personal password, no matter what it is, without causing errors in the parser for the respective connector. It's as simple as utilizing the percent encoding code already included in the URL crate that is being used for the MySQL portion of the connector.


sganz commented Apr 28, 2017

I found this page for PG
https://www.postgresql.org/docs/9.5/static/libpq-connect.html

Has a line in it - Percent-encoding may be used to include symbols with special meaning in any of the URI parts.

I may not be thinking the right way on this but seems it's OK to encode it. Because the characters are not valid (from a specific db perspective) might be another concern. The hope is that all connectors have similar mechanism to encode.

Take this all with a grain of salt as I'm new to Rust, new to Diesel.


Member

sgrif commented Apr 30, 2017

Yes, percent encoding is 100% the correct thing for us to be doing. I actually assumed the URL crate was already decoding where needed for us. It sounds like that's not the case. Either way, having explicit tests to make sure that this is handled seems valuable.


Member

sgrif commented Apr 30, 2017

Also IIRC we've had issues opened before from people unclear that percent encoding was an option. We should try to call it out more loudly in the docs.
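
The approach discussed in this thread, as an added example that is not Diesel's or rust-url's code: a std-only Rust sketch that percent-encodes a password before it goes into `DATABASE_URL` and decodes it after the URL has been split on its delimiters. The helper names (`encode_component`, `decode_component`, `credentials`, `database_url`) and the sample passwords are constructed for illustration; the encoder escapes every byte outside the RFC 3986 unreserved set, which is stricter than strictly required.

```rust
// Added example, std-only; not Diesel's or rust-url's code.
/// Percent-encode every byte outside the RFC 3986 "unreserved" set.
fn encode_component(raw: &str) -> String {
    let mut out = String::new();
    for b in raw.bytes() {
        if b.is_ascii_alphanumeric() || b"-._~".contains(&b) {
            out.push(b as char);
        } else {
            out.push_str(&format!("%{:02X}", b));
        }
    }
    out
}

/// Decode %XX escapes; None on a malformed escape or non-UTF-8 result.
fn decode_component(enc: &str) -> Option<String> {
    let bytes = enc.as_bytes();
    let (mut out, mut i) = (Vec::with_capacity(bytes.len()), 0);
    while i < bytes.len() {
        if bytes[i] == b'%' {
            let hex = enc.get(i + 1..i + 3)?;
            if !hex.bytes().all(|c| c.is_ascii_hexdigit()) { return None; }
            out.push(u8::from_str_radix(hex, 16).ok()?);
            i += 3;
        } else {
            out.push(bytes[i]);
            i += 1;
        }
    }
    String::from_utf8(out).ok()
}

/// Find delimiters on the still-encoded URL, then decode each part.
fn credentials(url: &str) -> Option<(String, String)> {
    let rest = url.split_once("://")?.1;
    let authority = rest.split(&['/', '?', '#'][..]).next()?;
    let (userinfo, _host) = authority.rsplit_once('@')?;
    let (user, pass) = userinfo.split_once(':')?;
    Some((decode_component(user)?, decode_component(pass)?))
}

fn database_url(user: &str, password: &str, host_and_db: &str) -> String {
    format!("mysql://{}:{}@{}", encode_component(user), encode_component(password), host_and_db)
}

fn main() {
    let url = database_url("root", "pass#word", "localhost:3006/testing");
    println!("{} -> {:?}", url, credentials(&url));
}
```

The order matters: decoding before splitting would reintroduce the delimiter characters and truncate or misparse the credentials.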
