You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Radek Pospíšil <su...@outlook.com> on 2014/09/27 22:23:24 UTC
[users@httpd] Empty username causes internal server error
Hello,
I am using user authentication with the following components:
Apache/2.4.10 (Win32) + mod_auth_basic + mod_authn_dbd + mod_dbd + ODBC Driver + Microsoft SQL Server 2008(SP3).
It works fine except when I do not provide any username when browser asks for username and password. In this case I receive the "Internal Server Error" as the response instead of "Unauthorized" response.
The most interesting part of the error.log is:
[Sat Sep 27 21:23:17.639860 2014] [authn_dbd:error] [pid 1208:tid 1636] [client 127.0.0.1:1363] AH01656: Query execution error looking up '' in database [[dbd_odbc] SQLBindParameter returned SQL_ERROR (-1) at apr_dbd_odbc.c:604 [Microsoft][ODBC SQL Server Driver]Invalid precision value HY104 ]
The AuthDBDUserPWQuery directive in my httpd.conf is:
AuthDBDUserPWQuery "SELECT password FROM member WHERE CONVERT(VARCHAR(10), member_Index) = %s"
And the member_Index column in the database is smallint.
Is it a bug or am I missing something? Any ideas are welcome.
Thanx,
Radek
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] RE: Empty username causes internal server error
Posted by Radek Pospíšil <su...@outlook.com>.
Surrounding %s with ' does not work at all. Empty username causes the same
error and a valid username ends with:
[Sun Sep 28 10:58:47.351564 2014] [auth_basic:error] [pid 1824:tid 1636] [client 127.0.0.1:2461] AH01618: user XY not found: /
I think dbd_odbc driver uses prepared SQL statements and it provides single quotes around string parameters automatically on its own. This is OK but something is wrong with empty values.
R.
-------------------
> Date: Sun, 28 Sep 2014 09:14:53 +0200
> From: christophe.jaillet@wanadoo.fr
> To: users@httpd.apache.org
> Subject: [users@httpd] Re: Empty username causes internal server error
>
> Hi,
>
> Could you try with ' around the %s?
> SELECT password FROM member WHERE CONVERT(VARCHAR(10),
> member_Index) = '%s'
> This way, if the username is empty, the request will still be valid.
>
> CJ
>
> Le 27/09/2014 22:23, Radek Pospíšil a écrit :
>> Hello,
>>
>> I am using user authentication with the following components:
>>
>> Apache/2.4.10 (Win32) + mod_auth_basic + mod_authn_dbd + mod_dbd + ODBC Driver + Microsoft SQL Server 2008(SP3).
>>
>> It works fine except when I do not provide any username when browser asks for username and password. In this case I receive the "Internal Server Error" as the response instead of "Unauthorized" response.
>>
>> The most interesting part of the error.log is:
>>
>> [Sat Sep 27 21:23:17.639860 2014] [authn_dbd:error] [pid 1208:tid 1636] [client 127.0.0.1:1363] AH01656: Query execution error looking up '' in database [[dbd_odbc] SQLBindParameter returned SQL_ERROR (-1) at apr_dbd_odbc.c:604 [Microsoft][ODBC SQL Server Driver]Invalid precision value HY104 ]
>>
>> The AuthDBDUserPWQuery directive in my httpd.conf is:
>>
>> AuthDBDUserPWQuery "SELECT password FROM member WHERE CONVERT(VARCHAR(10), member_Index) = %s"
>>
>> And the member_Index column in the database is smallint.
>>
>> Is it a bug or am I missing something? Any ideas are welcome.
>>
>> Thanx,
>>
>> Radek
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
[users@httpd] Re: Empty username causes internal server error
Posted by Christophe JAILLET <ch...@wanadoo.fr>.
Hi,
Could you try with ' around the %s?
SELECT password FROM member WHERE CONVERT(VARCHAR(10),
member_Index) = '%s'
This way, if the username is empty, the request will still be valid.
CJ
Le 27/09/2014 22:23, Radek Pospíšil a écrit :
> Hello,
>
> I am using user authentication with the following components:
>
> Apache/2.4.10 (Win32) + mod_auth_basic + mod_authn_dbd + mod_dbd + ODBC Driver + Microsoft SQL Server 2008(SP3).
>
> It works fine except when I do not provide any username when browser asks for username and password. In this case I receive the "Internal Server Error" as the response instead of "Unauthorized" response.
>
> The most interesting part of the error.log is:
>
> [Sat Sep 27 21:23:17.639860 2014] [authn_dbd:error] [pid 1208:tid 1636] [client 127.0.0.1:1363] AH01656: Query execution error looking up '' in database [[dbd_odbc] SQLBindParameter returned SQL_ERROR (-1) at apr_dbd_odbc.c:604 [Microsoft][ODBC SQL Server Driver]Invalid precision value HY104 ]
>
> The AuthDBDUserPWQuery directive in my httpd.conf is:
>
> AuthDBDUserPWQuery "SELECT password FROM member WHERE CONVERT(VARCHAR(10), member_Index) = %s"
>
> And the member_Index column in the database is smallint.
>
> Is it a bug or am I missing something? Any ideas are welcome.
>
> Thanx,
>
> Radek
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org