[CSHARP-469] Server cannot connect with password carrying '@' character. Created: 10/May/12  Updated: 05/Apr/19  Resolved: 10/May/12

Status: Closed
Project: C# Driver
Component/s: None
Affects Version/s: 1.4.2
Fix Version/s: None

Type: Task Priority: Minor - P4
Reporter: Prithiraj Sengupta Assignee: Robert Stam
Resolution: Done Votes: 0
Labels: driver, question
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends

 Description   

If the password carries '@' character in the connection string, the connection doesn't happen and throws error.

E.g if the password is 'somepassword1@' in a connection string, it returns only 'somepassword1'. So, this password fails to connect to the database.

FileName : MongoUrlBuilder.cs
Git Path: https://github.com/mongodb/mongo-csharp-driver/blob/master/Driver/Core/MongoUrlBuilder.cs
Line 438-441
const string pattern =
@"^mongodb://" +
@"((?<username>[^:])?<password>[^@])@)?" +
@"(?<servers>" + serverPattern + "(," + serverPattern + ")*)" +
@"(/(?<database>[^?]+)?(?(?<query>.*))?)?$";
Match match = Regex.Match(url, pattern);

Thanks,
Prithiraj



 Comments   
Comment by Craig Wilson [ 14/May/12 ]

Are you still requesting that we change the regular expression? It was built to parse a valid Uri. Having 2 '@' characters is not a valid Uri. There is a simple workaround suggested by Robert above. Is there some reason you cannot use percent encoding that you haven't told us?

Comment by Prithiraj Sengupta [ 13/May/12 ]

Yes, I agree with you. This C# driver is very much advanced, and much thanks to the engineers. It is even much stronger in comparison to the other drivers from documentation and API perspective. One thing I thought to ask, can we use [^\n] instead using [^@]? Will this create any crisis?

Comment by Craig Wilson [ 12/May/12 ]

We can't stop allowing "all" special characters, as some are important to the parsing of the uri. The ":" for instance that designates a port can't be escaped, otherwise the port won't get picked up. Uris are extremely simple and the chances that you actually need to escape anything is relatively low. It would be a shame for us to go and make it difficult.

Regarding your other question, as it is unrelated to this jira, please use another forum for asking this question. Jira's are for bug reports or feature requests. You can ask your question either at stackoverflow.com or at our google groups(https://groups.google.com/forum/?fromgroups#!forum/mongodb-user).

Comment by Prithiraj Sengupta [ 12/May/12 ]

Hello Craig

Ok, I see. Should we stop allowing all the special characters in direct character format? And only allow those corresponding percent-encoded values.

And one more thing, I would like to know from the driver developers, how to save Files(mainly images) having size range between few KBs to max 5MB in mondoDB without using GridFS for the storage. Does C# driver provides any special way to save these files- Like automatic assignments of fields which defines files properties -e.g File size, File Type, Extension, File Name, Source File Path, Target File Path, File As Binary? If it does, how its done? E.g Does BSON in mondoDB takes files as Byte[](Byte Arrays) or do we need to encode these further into Base64? I would like to know the best practice which will save the memory, the transaction and the processing time.

Thanks,
Prithiraj

Comment by Craig Wilson [ 11/May/12 ]

We are using a standard uri format. Even .NET's builtin Uri class doesn't handle @ signs in the password.

new Uri("http://blah:p@ssword@localhost:3243/mongodb");

Furthermore, it isn't just @ characters. Rather, it is any character that would mess with the parsing. This includes : and /.

Comment by Prithiraj Sengupta [ 11/May/12 ]

Okay, so this is exception only to '@'.

It means, this works for all the special characters without percent-encoding except '@' character. So, there is a feeling of abnormality.

My suggestion would be to either allow all special character without percent-encoding or don't allow any special characters unless percent-encoded.

Thanks
Prithiraj

Comment by Robert Stam [ 10/May/12 ]

A MongoDB connection string is a URI, and you can escape special characters using standard URI escape mechanisms. So if your password is "p@ssword" you would encode "@" as "%40", like this:

var connectionString = "mongodb://username:p%40ssword@localhost/?safe=true";

You can find a full explanation of percent encoding for URIs here:

http://en.wikipedia.org/wiki/Percent-encoding

Comment by Prithiraj Sengupta [ 10/May/12 ]

I guess replacing with (?<password>[^\n]+) can be the solution, as no passwords can be created with a newline(\n) as character.

(?<password>[^\n]+)

const string pattern =
@"^mongodb://" +
@"((?<username>[^:])?<password>[^\n])@)?" +
@"(?<servers>" + serverPattern + "(," + serverPattern + ")*)" +
@"(/(?<database>[^?]+)?(?(?<query>.*))?)?$";
Match match = Regex.Match(url, pattern);

Thanks
Prithiraj

Generated at Wed Feb 07 21:36:56 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.