Page MenuHomePhabricator
Create Task
Maniphest T6887

password-sensitive config script
Closed, InvalidPublic
Actions

Description

Author: toots

Description:
tag 34361 +upstream

--

Hi all!

This is a bug we received from our package which seems to be related to upstream source code.
I've searched in the DB and couldn't find a similar, so I'm filling a bug here, hope it's not
well known...

---

Package: mediawiki
Version: 1.4.12-1
Severity: normal

I tried to configure mediawiki using the automatic tool at

http://localhost/mediawiki/config/index.php

but it kept failing with the message

MySQL error 1045: Access denied for user 'root'@'localhost' (using password: YES)

I had just installed mysql and had root access, using a password
different from the system root account.

I changed the mysql root password using the procedure here:

http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html

and the configuration succeeded. I think the only significant change
was that the original password had special characters (@ and $) but
the second one had only numbers and letters. I suspect the
configuration script isn't escaping the password.

  • Jim Van Zandt

Version: 1.4.x
Severity: normal
OS: Linux
Platform: Other
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344361

Details

Reference
bz4887

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:05 PM
bzimport added a project: MediaWiki-libs-Rdbms.
bzimport set Reference to bz4887.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Feb 6 2006, 12:58 AM
brion added a comment.Feb 6 2006, 6:17 AM

Was this the username & password given for the wiki to use, or the separate root
password given for the installer to set up the tables and user with?

Hendrik_Brummermann added a comment.Feb 6 2006, 6:20 AM

From: "James R. Van Zandt" <jrvz@comcast.net>
To: 344361@bugs.debian.org
Subject: password differences
Date: Fri, 23 Dec 2005 22:33:23 -0500

...or at least the mediawiki configuration script handles the password
differently than the shell. Maybe it's just that the suggested
command at
http://meta.wikimedia.org/wiki/Running_MediaWiki_on_Debian_GNU/Linux
for setting the mysql root password

mysqladmin -u root password xxxx

should have quotes:

mysqladmin -u root password 'xxxx'

            - Jim Van Zandt
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL