Open ArthurHNL opened 5 years ago
Removing the \J from the password gives the following error:
ERROR 1064 (42000) at line 5: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';*{q#'Br9+qxh2\')
So I'm guessing input from variables is not escaped and the ; at the beginning of the password is interpreted by mysql.
https://github.com/docker-library/mariadb/issues/183#issuecomment-405361398
We don't escape any password characters since we didn't want to implement the equivalent of mysql_real_escape_string in bash and didn't want to burden the image with an install of a library/language just for this purpose.
I see. Can you at least update the documentation of the image on the Docker hub to make this more apparent? It took me over an hour to find out why my stack did not work.
I think it's probably the single quote, not the \J that caused the error (the \J error is just the symptom).
I recognized that; however, my point is that it is pretty frustrating to spend over an hour of time to find out that certain characters in a password (I obviously randomly generated this one) cause the entire container to crash. Some extra text stating something like "Note that environment variables are not escaped so you can not use characters like ; and '" would be very welcome on the container page (https://hub.docker.com/_/mysql) under "Caveats" or "Environment variables".
Interpreted characters should be enclosed as a literal string, it's not relevant to the image's documentation since this formatting requirement affects everything that can interpret characters. And for the characters enclosed in a literal string you wouldn't want an unanticipated termination with an added matching quote inside.
You'll also want to remove the ; as it's also being interpreted, and it doesn't seem like mysql accepts a password in a literal quote
Initialization:
$ docker run -d --rm --name mysql -e MYSQL_ROOT_PASSWORD='*{q#Br9+qxh2\J' mysql:5.7
006b5b8fa0177d28f6704eac1939757dcd4b2b1e5663705d6125bc3db3935c26
$ docker logs mysql 2>&1 | tail -n 3
2019-08-07T17:10:59.436099Z 0 [Note] Event Scheduler: Loaded 0 events
2019-08-07T17:10:59.436365Z 0 [Note] mysqld: ready for connections.
Version: '5.7.26' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server (GPL)
$ docker exec -it mysql bash
root@006b5b8fa017:/# echo "$MYSQL_ROOT_PASSWORD"
*{q#Br9+qxh2\J
Giving the password as a literal quote and trying a variable expansion:
root@006b5b8fa017:/# mysql -p'*{q#Br9+qxh2\J'
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
root@006b5b8fa017:/# mysql -p"$MYSQL_ROOT_PASSWORD"
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
root@006b5b8fa017:/# mysql -p$MYSQL_ROOT_PASSWORD
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Just passing it directly:
root@006b5b8fa017:/# mysql -p*{q#Br9+qxh2\J
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.26 MySQL Community Server (GPL)
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
I think we need to follow up with some of the improvements discussed in https://github.com/docker-library/mariadb/issues/183 (especially %q for some basic quoting).
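Added example (not part of this thread and not the image's entrypoint code): a POSIX shell sketch that escapes a password before it is interpolated into a single-quoted SQL string literal, next to the unescaped interpolation described above. The function names, the `ALTER USER` statement and the sample password are constructed for illustration, and it assumes the server's default `sql_mode` (no `NO_BACKSLASH_ESCAPES`).

```shell
#!/bin/sh
# Added illustration; function names and the statement are hypothetical.
# Assumes default sql_mode, where backslash is the escape character
# inside a single-quoted MySQL string literal.

# Escape a value for use inside a single-quoted SQL string literal.
sql_escape_literal() {
    # Backslashes first, then single quotes, so the backslashes added
    # in front of the quotes are not doubled again.
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

# Statement built by plain interpolation (the behaviour the thread describes).
build_unescaped() {
    printf "ALTER USER 'root'@'localhost' IDENTIFIED BY '%s';" "$1"
}

# Same statement with the password escaped first.
build_escaped() {
    printf "ALTER USER 'root'@'localhost' IDENTIFIED BY '%s';" \
        "$(sql_escape_literal "$1")"
}

# Count single quotes that are not part of a backslash escape pair.
# An odd count means a string literal is left open or closed early,
# which is what produces the ERROR 1064 syntax failure.
count_unescaped_quotes() {
    printf '%s' "$1" | sed 's/\\.//g' | tr -cd "'" | wc -c
}

# Constructed sample password containing ; ' and \ (not a real credential).
pw=';ab'"'"'cd\J'

for stmt in "$(build_unescaped "$pw")" "$(build_escaped "$pw")"; do
    n=$(count_unescaped_quotes "$stmt")
    if [ $(( n % 2 )) -eq 0 ]; then
        echo "balanced:   $stmt"
    else
        echo "unbalanced: $stmt"
    fi
done
```
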
When creating an instance of the mysql:5.7 container, with the following variables from an env file (using docker compose):
MySQL crashes with the following output in the log: