I have issue with special character in password - '#'.
Issue that i don't know how to pass password with this special character to script file and connect using sqlplus.
For example i have user 'test_user' with password 'temp123#'. For login via sqlplus i use following string with escaping: sqlplus test_user/\"temp123#\"#some-db:1521/SID
It's works well. For my case i need to pass password as parameter for sql script. For example, i have following script to connect (actually script using several pairs of login/password to update many users at once):
-- #deploy.sql
connect &&2./&&3.#&&1.
At have failure with that because password with '#' can't interpreted correctly by sqlplus. I tried many advices from google with escaping but mostly of them applicable for connect string at sqlplus invoke. For my case its required for parameter that passed to script.
use : cmd.exe and not powershell window
if not :
in powershell windows : sqlplus 'login/\"P#$$w0rd\"#TNS_NAME'
in cmde.exe : sqlplus login/\"P#$$w0rd\"#TNS_NAME
Just quotes required in connect string:
connect &&2./"&&3."#&&1.
Related
I am trying to encrypt the following password my^Password using below:
.\encrypt.bat input=j!p^RVKvt3LaHw37 "password=<my_salt>" "algorithm=PBEWITHSHA256AND256BITAES-CBC-BC" providerClassName=org.bouncycastle.jce.provider.BouncyCastleProvider
When I decrypt the encrypted string, The exponent sign ^ is gone. I've also noticed this issue with some other symbols.
.\decrypt.bat 'input=<encrypted-string>' "password=<my_salt>" "algorithm=PBEWITHSHA256AND256BITAES-CBC-BC" providerClassName=org.bouncycastle.jce.provider.BouncyCastleProvider
Output:
myPassword
Can anyone help fix this issue? I've scorched the internet but could not find any solution.
It turns out that windows powershell has a bug where it can’t properly encode a password with special characters. I performed the exact same commands on command prompt and it worked like a charm.
I have a stored procedure created in MySQL DB. This database is accessed as linked server through Microsoft SQL Server 2012 using Microsoft SQL Server Management Studio. The provider selected while creating linked server is "Microsoft OLE DB Provider for ODBC Drivers".
When I run following as text from Report builder 3.0 it runs fine and fetch data.
EXEC('CALL storedProcedureName(''string1'', ''string2'', ''string3'')') AT LinkedServerName;
But when I try to replace string1, string2, string3 with parameter name parameter1, parameter2, parameter3 as:
EXEC('CALL storedProcedureName(#parameter1, #parameter2, #parameter3)') AT LinkedServerName;
I get error:
Could not execute statement on remote server 'LinkedServerName'.
(Microsoft SQL Server, Error: 7215)
And when I try:
EXEC('CALL storedProcedureName('#parameter1', '#parameter2', '#parameter3')') AT LinkedServerName;
I get the prompt to enter values for parameter1, parameter2, parameter3. But when I enter the values and click ok, I get error:
Incorrect syntax near '#parameter1'. (Microsoft SQL Server, Error: 102)
Question: Am I missing something in syntax or is this a bug?
The linked server has:
"RPC" and "RPC out" set to True.
And the OLEDB provider has:
Enabled allow inprocess
Enabled dynamic parameter
I believe you have to call it like the below. So params become strings wrapped in single quotes:
EXEC('CALL storedProcedureName('''+#parameter1+''', '''+#parameter2+''', '''+#parameter3+''')') AT LinkedServerName;
I know this is an older question but the accepted answer is open to SQL Injection and I think it's important to offer a more secure method.
You really want to use a parameterized query
EXEC('CALL storedProcedureName(?,?,?)',#parameter1, #parameter2, #parameter3) AT LinkedServerName;
I know this works for oracle and it should work for MySql as well.
While using Grails 2.4.5 org.codehaus.groovy.runtime.ProcessGroovyMethods on Ubuntu 14.04:
def command = "mysqldump -h${databaseProperties.host} -u'${databaseProperties.username}' -p'${databaseProperties.password}' ${databaseProperties.name} " + table
print command
def proc = command.execute()
def oneMinute = 60000
proc.waitForOrKill(oneMinute)
if(proc.exitValue()!=0){
println "[[return code: ${proc.exitValue()}]]"
println "[[stderr: ${proc.err.text}]]"
return null
}else{
return proc.in.text.readLines()
}
I've got
[[return code: 2]]
[[stderr: mysqldump: Got error: 1045: Access denied for user 'root'#'localhost' (using password: YES) when trying to connect]]
but when I copy-paste printlined command into my bash I receive proper dump. What is going on?
I've also tried:
changing mysqldump to full path: /usr/bin/mysqldump
sending arguments as a String array but with the same
result.
sending command as a regular String to execute:
"mysqldump -hlocalhost -u'root' -p'password' database table"
it works in system bash, it doesn't as a ProcessGroovyMethod...
Update:
After thinking about this overnight, I'm (still) convinced that the problem is related to your password. Since it's really not a best practice to provide the password on the command line (mysqldump even warns you about this), I think you should change tactics by creating a login-path.
Use the following command to create a login path (this is a one-time step):
mysql_config_editor set --login-path=name --host=localhost --user=youruser --password
Then change the command you're attempting to execute from Groovy to this:
def command="mysqldump --login-path=name database table"
This will work around the issue you're seeing and is more secure.
Original answer:
I was able to replicate the problem. String.execute() doesn't use a command shell, and therefore the single quotes are getting passed to mysqldump as if they were part of your password.
Edit: After some further thought, I don't think Groovy's String.execute() is the way to go here, because of its unexpected handling of quotes. It's fine if your password doesn't include spaces, but this is likely to be brittle.
If you need more control, you should consider using ProcessBuilder:
ProcessBuilder pb = new ProcessBuilder("mysqldump", "-h${databaseProperties.host}", "-u${databaseProperties.username}", "-p${databaseProperties.password}", databaseProperties.name, table);
pb.inheritIO();
Process p = pb.start();
Edit: Further research, just tested this with a password that includes spaces. command.execute() doesn't handle this properly, but using the ProcessBuilder method works.
Here's another post explaining some of the unexpected behavior of the String.execute() method:
Groovy: strings with embedded quotes don't execute as expected
I'm building an iOS application that communicates with a remote server. In this case, I'm executing commands using SSH, however, the response coming back from the server is coming in the form of what appears to be hexadecimal. My delegate function for handling responses from a remote server takes the response argument as an NSString, however, this is the content of the string returned (command executed was "ls /" )
ls /\r\n\x1b[0m\x1b[01;34mbin\x1b[0m \x1b[01;34mdev\x1b[0m \x1b[01;36minitrd.img\x1b[0m \x1b[01;34mlib64\x1b[0m \x1b[01;34mmnt\x1b[0m \x1b[01;34mroot\x1b[0m \x1b[01;34msrv\x1b[0m \x1b[01;34musr\x1b[0m\r\n\x1b[01;34mboot\x1b[0m \x1b[01;34metc\x1b[0m \x1b[01;36minitrd.img.old\x1b[0m \x1b[01;34mlost+found\x1b[0m \x1b[01;34mopt\x1b[0m \x1b[01;34mrun\x1b[0m \x1b[01;34msys\x1b[0m \x1b[01;34mvar\x1b[0m\r\n\x1b[01;34mcdrom\x1b[0m \x1b[01;34mhome\x1b[0m \x1b[01;34mlib\x1b[0m \x1b[01;34mmedia\x1b[0m \x1b[01;34mproc\x1b[0m \x1b[01;34msbin\x1b[0m \x1b[30;42mtmp\x1b[0m \x1b[01;36mvmlinuz\x1b[0m'
If this is in fact hexadecimal, how to I convert this back to a readable string for display purposes? If it's not hexadecimal, does anyone know what it is?
EDIT:
Since this is ANSI Color Control Codes, what's the best method to remove them?
prepend "\" to the beginning of the command
$ \ls
or provide handling for the escape sequences (strip, display)
Anyone still using TinyGet?
When I pass a single query string parameter, everything works fine. As soon as I try to add a second param I get an error.
Here's an example of the error I'm getting:
C:\Program Files\IIS Resources\TinyGet>tinyget -srv:mydomain.com -uri:/Search/Results?q=food&pIndex=5 -loop:10
'pIndex' is not recognized as an internal or external command, operable program or batch file.
I've reviewed resources like http://code.google.com/p/toolsdotnet/wiki/TinyGet and I can't get this to work. Any ideas?
(PS: I tried tagging this "TinyGet" but I don't have enough rep, in case someone else wants to do that.)
I got an answer over at the IIS forums (http://forums.iis.net/p/1166670/1940071.aspx#1940071).
The ampersand must be escaped with the ^ character, so in this case the call would be:
C:\Program Files\IIS Resources\TinyGet>tinyget -srv:mydomain.com -uri:/Search/Results?q=food^&pIndex=5 -loop:10
You could also just wrap the uri in quotes.