Bug #4864 ByteFX.MySqlClient caches passwords if 'Persist Security Info' is false
Submitted: 3 Aug 2004 9:40 Modified: 5 Aug 2004 22:34
Reporter: Jan Rademaker Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / NET Severity:S3 (Non-critical)
Version:0.7.6.15073 OS:Microsoft Windows (WinXP)
Assigned to: Reggie Burnett

[3 Aug 2004 9:40] Jan Rademaker
Description:
When 'Persist Security Info' is not specified or set to false in the connection string passwords are cached for each user/hostname combination, or so it seams.

If 'Persist Security Info' is explicitly set to true things work as expected.

How to repeat:
private void TestConnect(string Hostname, string Username, string Password) 
{
	string res = "";
	string cs = String.Format("database=somedb;server={0};user id={1};Password={2}", 
		Hostname, Username, Password);
    
	MySqlConnection conn = new MySqlConnection(cs);

	try 
	{
		conn.Open();
	} 
	catch (Exception ex) 
	{
		res = ex.Message;
	}

	if (conn.State == ConnectionState.Open) 
	{
		conn.Close();
	}

	conn.Dispose();
	
	if (res.Length > 0)
		MessageBox.Show(res);
}

// Try this...
TestConnect("someserver", "validuser", "correctpassword");	// Works as expected...
TestConnect("someserver", "validuser", "boguspassword");	// ... this shouldn't work ...

// Or try this ...
//TestConnect("someserver", "validuser", "boguspassword");	// Connection failes, as it should
//TestConnect("someserver", "validuser", "correctpassword");	// Connection still failes
[5 Aug 2004 22:34] Reggie Burnett
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Verified and fixed.  Thanks!