]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: faacc6c)
DOC: config: recommend single quoting passwords
authorLukas Tribus <lukas@ltri.eu>
Tue, 12 Aug 2025 16:28:55 +0000 (16:28 +0000)
committerWilliam Lallemand <wlallemand@haproxy.com>
Wed, 13 Aug 2025 07:08:25 +0000 (09:08 +0200)
Suggests single quoting passwords and update examples to avoid unexpected
behaviors due to special characters.

Should be backported to stable versions.

Link: https://discourse.haproxy.org/t/enhance-documentation-for-insecure-passwords-and-invald-characters/11959
doc/configuration.txt patch | blob | blame | history

diff --git a/doc/configuration.txt b/doc/configuration.txt
index b2d0aba7decfa666ba6fdea41b06e0f205b8ddf9..84800a2cf4b5430848a076d3bd69b151560997ac 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -12142,9 +12142,9 @@ stats admin { if | unless } <cond>
     # statistics admin level depends on the authenticated user
     userlist stats-auth
         group admin    users admin
-        user  admin    insecure-password AdMiN123
+        user  admin    insecure-password 'AdMiN123'
         group readonly users haproxy
-        user  haproxy  insecure-password haproxy
+        user  haproxy  insecure-password 'haproxy'
 
     backend stats_auth
         stats enable
@@ -29799,22 +29799,26 @@ user <username> [password|insecure-password <password>]
   slower than their glibc counterparts when calculating hashes, so you might
   want to consider this aspect too.
 
+  All passwords are considered normal arguments and are therefor subject to
+  regular section 2.2 Quoting and escaping. Single quoting passwords is
+  therefor recommended.
+
   Example:
         userlist L1
           group G1 users tiger,scott
           group G2 users xdb,scott
 
           user tiger password $6$k6y3o.eP$JlKBx9za9667qe4(...)xHSwRv6J.C0/D7cV91
-          user scott insecure-password elgato
-          user xdb insecure-password hello
+          user scott insecure-password 'elgato'
+          user xdb insecure-password 'hello'
 
         userlist L2
           group G1
           group G2
 
           user tiger password $6$k6y3o.eP$JlKBx(...)xHSwRv6J.C0/D7cV91 groups G1
-          user scott insecure-password elgato groups G1,G2
-          user xdb insecure-password hello groups G2
+          user scott insecure-password 'elgato' groups G1,G2
+          user xdb insecure-password 'hello' groups G2
 
   Please note that both lists are functionally identical.
 
Mirror of https://github.com/haproxy/haproxy.git