Bug #4864 ByteFX.MySqlClient caches passwords if 'Persist Security Info' is false
Submitted: 3 Aug 2004 9:40 Modified: 5 Aug 2004 22:34
Reporter: Jan Rademaker Email Updates:
Status: Closed Impact on me:
Category:Connector / NET Severity:S3 (Non-critical)
Version: OS:Microsoft Windows (WinXP)
Assigned to: Reggie Burnett CPU Architecture:Any

[3 Aug 2004 9:40] Jan Rademaker
When 'Persist Security Info' is not specified or set to false in the connection string passwords are cached for each user/hostname combination, or so it seams.

If 'Persist Security Info' is explicitly set to true things work as expected.

How to repeat:
private void TestConnect(string Hostname, string Username, string Password) 
	string res = "";
	string cs = String.Format("database=somedb;server={0};user id={1};Password={2}", 
		Hostname, Username, Password);
	MySqlConnection conn = new MySqlConnection(cs);

	catch (Exception ex) 
		res = ex.Message;

	if (conn.State == ConnectionState.Open) 

	if (res.Length > 0)

// Try this...
TestConnect("someserver", "validuser", "correctpassword");	// Works as expected...
TestConnect("someserver", "validuser", "boguspassword");	// ... this shouldn't work ...

// Or try this ...
//TestConnect("someserver", "validuser", "boguspassword");	// Connection failes, as it should
//TestConnect("someserver", "validuser", "correctpassword");	// Connection still failes
[5 Aug 2004 22:34] Reggie Burnett
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at

Additional info:

Verified and fixed.  Thanks!