[postgresql-interfaces/psqlodbc] issue #42: Why does the ODBC driver expect the password in a connection string to be URL-encoded?

postgresql-interfaces/psqlodbc GitHub issues and pull requests (mirror)  
help / color / mirror / Atom feed

From: omeuid (@omeuid) <[email protected]>
To: postgresql-interfaces/psqlodbc <[email protected]>
Subject: [postgresql-interfaces/psqlodbc] issue #42: Why does the ODBC driver expect the password in a connection string to be URL-encoded?
Date: Mon, 16 Sep 2024 17:11:37 +0000
Message-ID: <[email protected]> (raw)

ODBC driver expects the password in a connection string to be URL-encoded but I don't find any reason to do that.

This requirement could lead to connection issues when client applications (like Microsoft PowerBI) request the credentials from the user and create a connection string in the following way:
* "DSN=myDSN;UID=myUser;PWD=myPass;"

If the password contains characters that need to be encoded and the application does not perform any of the following changes the connection will fail:
* Encode password as the driver requires.
* Send the password in the connection string between brackets.

Currently, to avoid this issue there are two alternatives:
* Make the final user to encode their password. 
* Change the client application to encode the password properly.

The first option does not seem feasible many users are using the application. Also, the second option cannot be achieved by generic ODBC clients (for example, Microsoft PowerBI with the generic ODBC connector), as the client could not know this requirement.

I would suggest removing the `encode` and `decode` methods included in `dlg_specific.c` file.

Notes: 
* The option conn_settings was required to be URL-Encoded in the past, but this requirement was removed in [this ](https://github.com/postgresql-interfaces/psqlodbc/commit/94070db14b11de3cbf1fd3b510023e5057810e1c) commit.
    * Why? and Why not with the password? 
* This problem does not happen if the credentials stored in the DSN are used.
* Microsoft ODBC documentation of [SQLDriverConnect](https://learn.microsoft.com/en-us/sql/odbc/reference/syntax/sqldriverconnect-function?view=sql-serve...) function
    * If this requirement is removed, the client could use the ODBC specification to determine if the password must be sent between brackets.
* Reviewed useful information in [this](https://www.postgresql.org/message-id/5194F426.1020000%40tpf.co.jp) message from the mailing list.

Please, feel free to ask anything which is not clear with my description.

view thread (3+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: github://postgresql-interfaces/psqlodbc
  Cc: [email protected], [email protected]
  Subject: Re: [postgresql-interfaces/psqlodbc] issue #42: Why does the ODBC driver expect the password in a connection string to be URL-encoded?
  In-Reply-To: <<[email protected]>>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox