phoenix
phoenix copied to clipboard
Default configuration of bundle prevents Windows Authentication that's otherwise supported by Doctrine
Versions: PHP - not relevant DoctrineBundle - master
Windows Authentication is authentication method which will use Windows credentials to log into MS SQL Server (e.g. user account when running PHP from CLI, or web server account when running PHP in it's process).
Doctrine supports this method as a fallback option. If both user and passwords are null, windows auth will be used. (Technically it's fallback option of sql server driver with the same conditions. Doctrine just refrains from providing their own default values).
However DoctrineBundle will supplay a default value ('root') if user is not specified and prevent use of Windows Authentication.
(here is relevant code) https://github.com/doctrine/DoctrineBundle/blob/master/DependencyInjection/Configuration.php#L199
This forces workaround where developer have to explicitly set user: null
to prevent default value. This also makes configuration brittle, as technically user: null
is equivalent to no user
from YAML perspective. There is a chance that somebody will "clean up" this configuration and break the app.
Finally, 'root' is not RDBMs agnostic default account. It may not be appropriate as default value in any case. Since "default" is dependent on driver and platform it may be optimal to defer selection of default/fallback account till those are available to provide necessary info?
To clarify: It's a bug report. But if a bug is judged as "wont fix", then please consider it as improvement request.
It could be considered a bug, but fixing it would entail a BC break. My suggestion would be to deprecate relying on the default username/password combination and get people to explicitly set it in their config. Then, we can change this to null
in the next major version.
Ok let's deprecate it
I was thinking about this again. After all this time there was no further feedback here and changing the default username is a big thing for few users (it's rare to us sqlsrv in php world) so I don't think it's worth it doing it. Sqlsrv users just need to change user to null, it's not such a big deal. Root works fine for other databases.