| Bug #4864 | ByteFX.MySqlClient caches passwords if 'Persist Security Info' is false | ||
|---|---|---|---|
| Submitted: | 3 Aug 2004 11:40 | Modified: | 6 Aug 2004 0:34 |
| Reporter: | [ name withheld ] | ||
| Status: | Closed | ||
| Category: | Connector/Net | Severity: | S3 (Non-critical) |
| Version: | 0.7.6.15073 | OS: | Microsoft Windows (WinXP) |
| Assigned to: | Reggie Burnett | Target Version: | |
[6 Aug 2004 0:34]
Reggie Burnett
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.
If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information
about accessing the source trees is available at
http://www.mysql.com/doc/en/Installing_source_tree.html
Additional info:
Verified and fixed. Thanks!
Description: When 'Persist Security Info' is not specified or set to false in the connection string passwords are cached for each user/hostname combination, or so it seams. If 'Persist Security Info' is explicitly set to true things work as expected. How to repeat: private void TestConnect(string Hostname, string Username, string Password) { string res = ""; string cs = String.Format("database=somedb;server={0};user id={1};Password={2}", Hostname, Username, Password); MySqlConnection conn = new MySqlConnection(cs); try { conn.Open(); } catch (Exception ex) { res = ex.Message; } if (conn.State == ConnectionState.Open) { conn.Close(); } conn.Dispose(); if (res.Length > 0) MessageBox.Show(res); } // Try this... TestConnect("someserver", "validuser", "correctpassword"); // Works as expected... TestConnect("someserver", "validuser", "boguspassword"); // ... this shouldn't work ... // Or try this ... //TestConnect("someserver", "validuser", "boguspassword"); // Connection failes, as it should //TestConnect("someserver", "validuser", "correctpassword"); // Connection still failes