DatabaseUtil silently accepts the lack of password file
DatabaseUtil is supposed to open a database connection using a password provided in a text file, whose name is determined by the service configuration.
The service then looks for that file in the
If the file is not found, though, no special action is taken, but an empty password is used.
Reported by Tingjun Yang.
#1 Updated by Gianluca Petrillo over 4 years ago
- Status changed from New to Assigned
- Assignee set to Gianluca Petrillo
- % Done changed from 0 to 80
A proposed solution is offered in branch
In there, if the password file is not found, an exception is thrown.
The only way to specify to go without password is to specify an empty file name for the password file itself in the configuration of the service.
The password file name is still mandatory, whether valid or empty.
#2 Updated by Gianluca Petrillo over 4 years ago
- Status changed from Assigned to Feedback
The suggested change is breaking in that jobs that could survive because either
- they actually did not use the database at all, or
- the database they accessed had no password
will now fail with that exception. The solution in these cases is respectively:
- specify not to try to connect to the database
- specify the name of an existing password file, which will be empty
If this behaviour is not acceptable, an alternative is to demote the exception into a warning, although this type of situations is generally considered a fatal error.