
Default configuration of bundle prevents Windows Authentication that's otherwise supported by Doctrine

Open przemo-hemmersbach opened this issue 4 years ago • 2 comments

Versions: PHP - not relevant; DoctrineBundle - master

Windows Authentication is an authentication method which will use Windows credentials to log into MS SQL Server (e.g. the user account when running PHP from CLI, or the web server account when running PHP in its process).

Doctrine supports this method as a fallback option. If both user and password are null, Windows auth will be used. (Technically it's a fallback option of the SQL Server driver with the same conditions. Doctrine just refrains from providing their own default values.)

However, DoctrineBundle will supply a default value ('root') if user is not specified and prevent use of Windows Authentication.

(here is relevant code) https://github.com/doctrine/DoctrineBundle/blob/master/DependencyInjection/Configuration.php#L199

This forces a workaround where developers have to explicitly set user: null to prevent the default value. This also makes configuration brittle, as technically user: null is equivalent to no user from a YAML perspective. There is a chance that somebody will "clean up" this configuration and break the app.

Finally, 'root' is not an RDBMS-agnostic default account. It may not be appropriate as a default value in any case. Since "default" is dependent on driver and platform, it may be optimal to defer selection of the default/fallback account till those are available to provide the necessary info?

To clarify: It's a bug report. But if the bug is judged as "won't fix", then please consider it as an improvement request.

przemo-hemmersbach, May 05 '20 07:05

It could be considered a bug, but fixing it would entail a BC break. My suggestion would be to deprecate relying on the default username/password combination and get people to explicitly set it in their config. Then, we can change this to null in the next major version.

alcaeus, May 05 '20 09:05

Ok, let's deprecate it.

ostrolucky, May 05 '20 10:05

I was thinking about this again. After all this time there was no further feedback here and changing the default username is a big thing for few users (it's rare to use sqlsrv in the PHP world), so I don't think it's worth doing it. Sqlsrv users just need to change user to null, it's not such a big deal. Root works fine for other databases.

ostrolucky, Aug 05 '23 09:08
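
The difference between an omitted user key and an explicit user: null, as an added example that is not part of this thread and not DoctrineBundle's code. It assumes symfony/config is installed via Composer; the reduced tree, the password default of null, and the helper names resolveConnection and usesWindowsAuth are hypothetical.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumes: composer require symfony/config

use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\Processor;

// Reduced stand-in for the bundle's connection node (hypothetical, not the real tree).
// Only the 'root' default for `user` comes from the issue; the rest is assumed.
function resolveConnection(array $fromYaml): array
{
    $tree = new TreeBuilder('connection');
    $tree->getRootNode()
        ->children()
            ->scalarNode('driver')->isRequired()->end()
            ->scalarNode('user')->defaultValue('root')->end()
            ->scalarNode('password')->defaultNull()->end()
        ->end();

    return (new Processor())->process($tree->buildTree(), [$fromYaml]);
}

// Hypothetical guard for a test suite or deploy check: per the issue, sqlsrv falls
// back to Windows Authentication only when user and password are both null.
function usesWindowsAuth(array $conn): bool
{
    return $conn['driver'] === 'sqlsrv'
        && $conn['user'] === null
        && $conn['password'] === null;
}

// Constructed inputs: the arrays a YAML parser hands over for each spelling.
$cases = [
    'user key omitted'  => ['driver' => 'sqlsrv'],
    'user: null (or ~)' => ['driver' => 'sqlsrv', 'user' => null],
];

foreach ($cases as $label => $fromYaml) {
    $conn = resolveConnection($fromYaml);
    printf(
        "%-20s user=%s windows_auth=%s\n",
        $label,
        var_export($conn['user'], true),
        usesWindowsAuth($conn) ? 'yes' : 'no'
    );
}
```

Running a check like usesWindowsAuth against the resolved configuration in CI catches the "clean up" regression described in the issue before a deployment silently starts attempting a 'root' login.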