From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <v.shpilevoy@tarantool.org>
Received: from smtp62.i.mail.ru (smtp62.i.mail.ru [217.69.128.42])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 38F1A452566
 for <tarantool-patches@dev.tarantool.org>;
 Tue,  5 Nov 2019 12:39:48 +0300 (MSK)
References: <c83b11bf88f7249fbce6902e768047dcbcc55401.1572880138.git.v.shpilevoy@tarantool.org>
 <20191104154007.GA29244@atlas>
From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
Message-ID: <6b26cb8e-ae6e-50f5-8b1a-3318cedec69a@tarantool.org>
Date: Tue, 5 Nov 2019 12:45:37 +0300
MIME-Version: 1.0
In-Reply-To: <20191104154007.GA29244@atlas>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Subject: Re: [Tarantool-patches] [PATCH 1/1] replication: use empty password
	by default
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
To: Konstantin Osipov <kostja.osipov@gmail.com>, tarantool-patches@dev.tarantool.org



On 04/11/2019 18:40, Konstantin Osipov wrote:
> * Vladislav Shpilevoy <v.shpilevoy@tarantool.org> [19/11/04 18:21]:
>> Replication's applier encoded an auth request with exactly the
>> same parameters as extracted by the URI parser. I.e. when no
>> password was specified, the parser returned it as NULL, and it was
>> not encoded. The relay, received such an auth request, complained
>> that IPROTO_TUPLE field is not specified (this is password).
>>
>> Such an error confuses - a user didn't do anything illegal, he
>> just used URI like 'login@host:port', without a password after the
>> login.
>>
>> The patch makes the applier use an empty string as a default
>> password.
>>
>> An alternative was to force a user always set a password even if
>> it is an empty string, like that: 'login:@host:port'. And if a
>> password was not found in an auth request, then reject it with a
>> password mismatch error. But in that case a URI of kind
>> 'login@host:port' becomes useless - it can never pass. In
>> addition, netbox already uses an empty string as a default
>> password. So the only way to make it consistent, and don't break
>> anything - repeat netbox logic for replication URIs.
> 
> LGTM.
> 
> Obviously this is a crutch, but let's see if it is a useful one.
> 
> 

I agree, I am on your side that we should not set an implicit
empty string password by default. But what is more important,
our API should be consistent. Netbox already sets default empty
string password. And we can't break it. So the only solution -
do the same for replication.