Certain complex database passwords are not escaped properly (MySQL)
Steps to reproduce:
-
Create a new MySQL database user via ISPConfig and enter the password GjX?5,Xat~\px\bA`&oMb
-
ISPConfig does not throw a validation error of any kind and gladly accepts the password.
-
Attempt to log into MySQL with username and password from step 1. (Different authentication interfaces require different escaping, e.g., logging-in via phpMyAdmin seems not to require escaping [presumably because PMA handles the required escaping].)
It is possible to discern that ISPConfig is not escaping the password fully, if at all, based on the resulting hash. The resulting hash is "*9AD1DA7A9AA075159B2E5DFCF795E03EA7FB12D0" when it should be "*01A354049D5EC637D0192E6EC3FF57EFDA2AD747".
Please see my thread at http://forums.mysql.com/read.php?10,576378,576378#msg-576378 for additional information on escaping passwords in MySQL.