Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Escaping password in oracle connection string (pass containing semicolons, quotes etc)

316 views
Skip to first unread message

Am

unread,
Nov 12, 2007, 3:59:34 PM11/12/07
to
Hi there

I've just found the problem in application I'm working on (c#, .net
2.0) - since at some point it merges the connection string from
unquoted attributes values (user=username;password=pass etc.) the
native oracle access object throws exception when the password
contains semicolon.
Msdn describing default microsoft oracle access class (http://
msdn2.microsoft.com/en-us/library/
system.data.oracleclient.oracleconnection.connectionstring(VS.
80).aspx) says that one can always quote the whole value with double-
quotes and escape each additional double quote in password by adding
another one in front of it.

Unfortunately native oracle library throws "wrong conection string
format" when quoted password contains doubled double-quotes inside.

Hence there's no way to escape all possible passwords unless:
a) there's other way to connect than through fully merged connection
string (e.g. by passing attributes individually)
b) valid password characters set is limited

regarding b) there's lot of contradictory opinions on the net - some
say everything goes (full ASCII), some say the opposite. Does is
depend on the RDBMS version?

solution a) would be the most elegant, but I don't know such a way -
do you?


thanks a lot
Am.

Niall Litchfield

unread,
Nov 13, 2007, 9:12:14 AM11/13/07
to
On Nov 12, 8:59 pm, Am <amiran.c...@gmail.com> wrote:
> Hi there
>
> I've just found the problem in application I'm working on (c#, .net
> 2.0) - since at some point it merges the connection string from
> unquoted attributes values (user=username;password=pass etc.) the
> native oracle access object throws exception when the password
> contains semicolon.
> Msdn describing default microsoft oracle access class (http://
> msdn2.microsoft.com/en-us/library/
> system.data.oracleclient.oracleconnection.connectionstring(VS.
> 80).aspx) says that one can always quote the whole value with double-
> quotes and escape each additional double quote in password by adding
> another one in front of it.

well a password containing a semi-colon doesn't seem especially
sensible to me - not as bad as one with untypable characters but
still.

> Hence there's no way to escape all possible passwords unless:
> a) there's other way to connect than through fully merged connection
> string (e.g. by passing attributes individually)

how about os authentication - don't pass the password at all.

Niall

0 new messages