Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admin password-requirements are also set for database-user on install #35219

Closed
Hielkio opened this issue Aug 18, 2021 · 14 comments
Closed

Admin password-requirements are also set for database-user on install #35219

Hielkio opened this issue Aug 18, 2021 · 14 comments
Labels
No Code Attached Yet

Comments

@Hielkio
Copy link

Hielkio commented Aug 18, 2021

Steps to reproduce the issue

Create a new database
Create and assign a user with a password that doesn't meet the admin password requirements. (for example "Joomla1234" which doesn't comply with the minimum of 12 characters required)
Install Joomla V4.0.0 Stable
Follow the steps to get the stuff up and running

Now try to change a randomly chosen setting and save!
You know should receive one of these errors:

  • RuntimeException: Unable to save plugin settings (When trying to accept diagnostics submission to Joomla)
  • 1044 Access denied for user 'database_user'@'database_host' to database 'database_name'

I didn't change the users' password to meet the requirement, because this would have impact on other databases, so I added a new user with a password that does meet the requirements: "Joomla12345!" and correct permissions.

Now try to change a random setting again and the problem has been gone!

Expected result

The installation script shouldn't interfere with the database-user account. Users should be responsible for choosing their passwords carefully for their database-users, as well as the admin account in my opinion.

Actual result

Because you think the installation went well, without any error, you don't expect such problem-origin when there were no errors when installing and everything is working (usually such things give, IF they were intentional implemented, an error at the right place and time)

I think this would drive some users crazy and leaving Joomla behind (I know, I know, users are just as lazy as h**l, but that doesn't change the situation. Keep people happy and they're staying)

I hope everything made sense

Greetz,
Hielkio

System information (as much as possible)

Joomla V4.0.0

Additional comments
@brianteeman
Copy link
Contributor

I am unable to replicate this

My database password is not 12 characters

My test joomla admin password is 22 characters

No problems at all with installation.
The database password is not changed
The database password is not checked for 12 characters

@PhilETaylor

This comment was marked as abuse.

Sign in to view
@richard67
Copy link
Member

You have not created your mysql user correctly in your mysql server. Ensure you have granted the correct permissions to the mysql user so it can UPDATE as well as SELECT

... and CREATE TABLE ...

@PhilETaylor

This comment was marked as abuse.

Sign in to view
@richard67
Copy link
Member

Without UPDATE and SELECT either 😛

@PhilETaylor

This comment was marked as abuse.

Sign in to view
@richard67
Copy link
Member

Yes that's the normal good way, one user with all privileges for each database. Never same user, and never never root.

@johnjunior00
Copy link

to install joomla he would need a create table , otherwise he woulnd't be able to instal it

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35219.

@Hielkio
Copy link
Author

Hielkio commented Aug 18, 2021

The install went without without any problem.
I also ALWAYS select ALL permissions (at once) when assigning a user to a specific database... BUT.. it looks that there's a catch..

There were a couple of options unchecked afterwards (in the database permission-table of the server), which should not be possible because I have NO permissions set as default and never use manual permission settings, but always "ALL PERMISSIONS". If I didn't give the user any permissions, the install would never happen. This is something I never experienced before... very, very, very strange!

Would it be possible that the installer changed the permissions maybe? (maybe a really dumb answer)

I think I'm gonna reproduce the situation AGAIN to find out if it was a server-flaw or eventually a bug elsewhere

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35219.

@brianteeman
Copy link
Contributor

I think I'm gonna reproduce the situation AGAIN to find out if it was a server-flaw or eventually a bug elsewhere

Please do

@Hielkio
Copy link
Author

Hielkio commented Aug 18, 2021

Richard: "Never same user, and never never root."
Of course, for a LIVE situation this would be not appropriate, but for testing purposes, it wouldn't make any sense to create a lot of separate accounts and keep maintaining SIMPLE, DEVelopment environments without any personal or important data. Agreed?

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35219.

@PhilETaylor

This comment was marked as abuse.

Sign in to view
@richard67
Copy link
Member

Richard: "Never same user, and never never root."
Of course, for a LIVE situation this would be not appropriate, but for testing purposes, it wouldn't make any sense to create a lot of separate accounts and keep maintaining SIMPLE, DEVelopment environments without any personal or important data. Agreed?

@Hielkio Agreed.

@richard67
Copy link
Member

This should be closed as obviously not a core Joomla bug as described else we would all be hitting it.

Agree. Closing as not a core issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
No Code Attached Yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@PhilETaylor @brianteeman @richard67 @joomla-cms-bot @Hielkio @johnjunior00