Bug #108650 for DBD-mysql: Password parameter to login

The mysql C function mysql_real_connect distinguishes between null and the empty string for the password parameter. The perl connect however converts the empty string to NULL so does not maintain the functionality of the underlying mysql library. To use a value specified in a defaults file most of the parameters to mysql_real_connect can be passed as the empty string or null, however for the password parameter only the null value results in use of the value from the defaults file. To quote the documentation at https://dev.mysql.com/doc/refman/5.5/en/mysql-real-connect.html "For passwd, specify a value of NULL. (For the password, a value of the empty string in the mysql_real_connect() call cannot be overridden in an option file, because the empty string indicates explicitly that the MySQL account must have an empty password.)" However the perl implementation does not maintain the difference. The function save_hv_fetch replaces the empty string with NULL. (dbdimp.c line 2014). This results in incorrect behaviour. Given the definition of the C function I would expect the perl connect to use the value from the defaults file only if the password parameter is undef. A value of the empty string should not use the value from the defaults file. There is a workaround, the string "\0" for the password is not converted to NULL and is interpreted as the empty string by the mysql C library. NORMAN STEVENS Sr. Software Development Engineer RAYTHEON|WEBSENSE ph: +44.118.938.8661 fax: +44.118.909.7161 www.websense.co.uk<http://www.websense.co.uk> ENTER A NEW ERA OF CYBERSECURITY