
Blank Database Password Bug

edited July 2006 in Vanilla 1.0 Help
I thought I'd give Vanilla a try on my local test server (using WAMP). By default, WAMP uses a blank password for the root account.

When I went through installing Vanilla, it worked okay and used the blank password, which I did not put in.

However, after the installation, when I tried to log in, I got the following error:
Access denied for user 'root'@'localhost' (using password: YES)

So, I looked into your code to try to analyze what was going on. Apparently, here's what's happening:
When testing the connection in installer.php, it correctly uses the password supplied. However, I noticed that if the password is blank, it does not save it in conf/database.php like it's supposed to.

Here's what my complete file looks like:
<?php
// Database Configuration Settings
$Configuration['DATABASE_HOST'] = 'localhost';
$Configuration['DATABASE_NAME'] = 'vanilla';
$Configuration['DATABASE_USER'] = 'root';
?>

Well, so now because appg/settings.php contains the following line:
$Configuration['DATABASE_PASSWORD'] = 'your_vanilla_database_password';
This is what gets set as the password since there is no line in conf/database.php that overwrites this.

So that's why I get the access denied error above.

[edit]
Oh, and for those of you who may have the same problem and don't know how to fix this, just add the following line to your conf/database.php:
$Configuration['DATABASE_PASSWORD'] = '';
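
The failure described in the post above, reconstructed as an added example (not Vanilla's installer code and not part of the original post). It assumes the installer skips empty values when writing conf/database.php, so the placeholder from appg/settings.php stays in effect; every function and constant name here is hypothetical.

```php
<?php
// Added example; all names are hypothetical, not Vanilla's installer code.
const PLACEHOLDER = 'your_vanilla_database_password'; // default quoted in the post

// Build the text of the override file (conf/database.php in the post).
function render_overrides(array $submitted, bool $skipEmpty): string {
    $out = "<?php\n// Database Configuration Settings\n";
    foreach ($submitted as $key => $value) {
        if ($skipEmpty && $value === '') {
            continue; // assumed bug: a blank value is never written
        }
        $out .= '$Configuration[' . var_export($key, true) . '] = '
              . var_export($value, true) . ";\n";
    }
    return $out;
}

// Load the default first, then the override file, as the post describes.
function effective_settings(string $overrideSource): array {
    $Configuration = ['DATABASE_PASSWORD' => PLACEHOLDER];
    $path = tempnam(sys_get_temp_dir(), 'conf');
    file_put_contents($path, $overrideSource);
    include $path; // included code shares this function's scope
    unlink($path);
    return $Configuration;
}

// Installer-side check: which keys still hold the shipped placeholder?
function placeholder_keys(array $effective): array {
    return array_keys($effective, PLACEHOLDER, true);
}

// Constructed sample input matching the poster's WAMP setup.
$submitted = [
    'DATABASE_HOST'     => 'localhost',
    'DATABASE_NAME'     => 'vanilla',
    'DATABASE_USER'     => 'root',
    'DATABASE_PASSWORD' => '',
];
foreach ([true, false] as $skipEmpty) {
    $effective = effective_settings(render_overrides($submitted, $skipEmpty));
    printf("skipEmpty=%s password=%s stale=%s\n",
        var_export($skipEmpty, true),
        var_export($effective['DATABASE_PASSWORD'], true),
        json_encode(placeholder_keys($effective)));
}
```

Running `placeholder_keys()` at the end of an install step turns the silent fallback into an explicit failure instead of a login-time "Access denied".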

Comments

  • I think I'm stating the obvious here when I say that using root with a blank password is a bad idea. Even though understandably it's a local setup, you want to lock that account down with a password and only use it to create and modify new users & db's. It's just good practice :)
  • I agree with you lech, but the issue is still there. :)
  • Yeah, it's a hint saying "hey, you're not only using ROOT, but you're using it with a BLANK PASSWORD" so that's like, double bad.
  • Well, yeah, I already knew that it's EXTREMELY unsecure and EXTREMELY bad. This is not something that I do for my production server, just for my testing server. Anyways, if my testing server's access to the network is restricted, I don't worry too much about it.

    The only reason I mentioned this was because of the fact that the bug exists.
This discussion has been closed.