No question mark allowed in password

[chowey]

There is an issue that causes question marks in passwords to be rejected from the connection string. e.g.:

var str = 'pg://joe:[email protected]/local';
pg.connect(str, function (err, client) {});

will throw an error, because url.parse(str) returns:

{ protocol: 'pg:',
  slashes: true,
  host: 'joe',
  hostname: 'joe',
  href: 'pg://joe:[email protected]/local',
  search: '[email protected]/local',
  query: '[email protected]/local',
  pathname: '/:shmoe' }

which is clearly incorrect. I expected that if I encodeURIComponent the password, that pg would figure it all out for me. However, this would require we change utils.js from:

27  config.password = auth[1];

to:

27  config.password = decodeURIComponent(auth[1]);

I see no adverse response to this, since any password that would be changed by decodeURIComponent will already break the system (correct me if I'm wrong).

What are your thoughts?

[booo]

As far as I know this is a bug in the nodejs implementation. See the "closed" ticket: #34

[chowey]

Thanks, I see that now.

I read up on the spec at http://www.ietf.org/rfc/rfc1738.txt (Section 3.1), which says that ":", "@" and "/" must be encoded. I does NOT say that "%", "?", "#" must be encoded, yet these cause url.parse to fail. So the node.js implementation is bugged.

That being said, the pg implementation is still naive. If url.parse worked as expected, pg would still fail for passwords with ":", "@" and "/" in them, since it would not unecode these before sending them to postgres.

Is the expectation that url.parse should unencode the ":", "@" and "/"?

[chowey]

I figure I'll close this and pursue the matter with the url.parse boys.