The case of a # use in passwords

How a # in my DB password, had me spinning for a few hours.
Aug 14, 2019 — 2 mins read — Laravel

The case of a # use in passwords

I was recently hoping to rebuild my website with this blog feature and with it I decided to build the entire site in Laravel. When I was ready to switch it I realized that my old host was not allowing a newer version of PHP so I decided to switch hosts and I’m now hosting everything on DreamHost.

The entire process of moving was really straight forward and I had the site uploaded quite quickly. Only when I needed to connect the DB that the problems started. 

DreamHost has this panel where you can manage all of the aspects of the hosting and among that is the MySQL database. I created the database, entered phpMyAdmin and successfully imported the backup that I extracted from my local development environment without any issues. With the files ready and the database in place, my next step was to connect the Laravel application with it in the ‘.env’ file. 

I entered all of the details, including the password that I’ve used a generator to create and set it in DreamHost, and saved the file. To my surprise, when I opened the site, I’ve got a database connection issue saying that the user could not connect to the database. 

To make sure that I did everything right, I once again checked everything, the DB user, reset the password, checked the host, the content of the ‘.env’ file and still nothing. As a last resort, I’ve allowed remote access to the DB from my local IP address and when I tried to connect to it from MySQL Workbench, it worked so I had my ‘AHA’ moment that the problem must be in the ‘.env’ file as the database worked..

After once again looking at the configuration, I spot the problem. When I used the password generator to generate the database password, it was generated in the following format:

someRandomString1WithNumbers&SpecialChars#

Can you see it?

At the end of it, there was a # (hash) symbol that apparently worked on DreamHost to set it like a password and it also worked with MySQL workbench for me to connect to it. The root cause of the problem is with the PHP dotenv library that is used by Laravel to parse the ‘.env’ the file where it uses the # symbol as an identifier for comments. Basically, the last symbol was seen as an added comment and not as part of the password. 

Once I changed the password to something without the # symbol, everything worked as expected.

php dotenv laravel mysql
Bill Kolicoski
Written by: Bill Kolicoski
Blagojce (Bill) Kolicoski is a web developer with multiple domain knowledge gathered since he started in 2008, and he's got a real knack for all things tech, especially when it comes to building websites and fiddling with electronics. He's as excited about robots and space as he is about nurturing his garden at home. Bill is a dad who loves sharing his interests with his kids and readers alike, making sure every blog post is filled with easy-to-understand, useful info that shows just how fun and amazing the world of technology can be. His mission is to demystify technology for everyday people so they can be encouraged to play with it.
LinkedIn
Read next

DIY Power Bank

I had some battery cells that I salvaged from old Samsung mobile phones that I had laying around and I've build them into a power bank. Chec...

You might also enojy this

Variable Variables in PHP

In PHP we are allowed to name a variable with the content of another variable. These are called variable variables and can be used at...