1
0
mirror of https://github.com/django/django.git synced 2025-10-26 15:16:09 +00:00
Commit Graph

9 Commits

Author SHA1 Message Date
Nick Pope
1061f52436 Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).

This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12 12:21:57 +02:00
Mariusz Felisiak
009fddc96b Refs #32061 -- Fixed test_crash_password_does_not_leak() crash on Windows.
When env is passed to subprocess.run() we should pass all existing
environment variables. This fixes crash on Windows:

Fatal Python error: failed to get random numbers to initialize Python

Fatal Python error: _Py_HashRandomization_Init: failed to get random
numbers to initialize Python
Python runtime state: preinitialized
2020-11-03 11:38:40 +01:00
Simon Charette
384ac0990f Refs #32061 -- Prevented password leak on MySQL dbshell crash.
The usage of the --password flag when invoking the mysql CLI has the
potential of exposing the password in plain text if the command happens
to crash due to the inclusion of args provided to
subprocess.run(check=True) in the string representation of the
subprocess.CalledProcessError exception raised on non-zero return code.

Since this has the potential of leaking the password to logging
facilities configured to capture crashes (e.g. sys.excepthook, Sentry)
it's safer to rely on the MYSQL_PWD environment variable instead even
if its usage is discouraged due to potential leak through the ps
command on old flavors of Unix.

Thanks Charlie Denton for reporting the issue to the security team.

Refs #24999.
2020-10-30 10:12:52 +01:00
Simon Charette
bbe6fbb876 Refs #32061 -- Unified DatabaseClient.runshell() in db backends. 2020-10-29 22:22:58 +01:00
manav014
af87574a3c Fixed #6517 -- Made dbshell use charset option on MySQL.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-10-17 12:24:36 +02:00
Hasan Ramezani
9e8edc1e55 Fixed #31491 -- Allowed 'password' option in DATABASES['OPTIONS'] on MySQL. 2020-06-12 12:07:43 +02:00
Adam Johnson
5b884d45ac Fixed #29501 -- Allowed dbshell to pass options to underlying tool. 2020-04-14 14:02:51 +01:00
Paul Tiplady
335a8d7895 Fixed #28322 -- Added dbshell support for MySQL client TLS certs. 2017-06-19 18:11:25 -04:00
Tim Graham
1e63652e44 Renamed MySQL-specific dbshell test file. 2015-06-27 16:22:11 -04:00