Unable to change root password for database if provided via environment variable ORIENTDB_ROOT_PASSWORD

[akshay-mahakalkar]

OrientDB Version: 3.2.32

Java Version: openjdk 11.0.23

OS: Alpine

Expected behavior

If the value of ORIENTDB_ROOT_PASSWORD is changed in the new password should be consumed.

Actual behavior

When ORIENTDB_ROOT_PASSWORD is changed, database is unable to use new password, instead continues to use old password.
When the OSystem database is deleted then only new password is consumed.

Steps to reproduce

1. Download and start OrientDB server by running ORIENTDB_ROOT_PASSWORD="password" server.sh command.
2. Try accessing the studio. Should be accessible.
3. Change the password and run again. Should not be accessible.

Extra Findings

If password is provided via orientdb-server-config.xml file as provided below
<users> <user name="root" password="Root@1234" resources="*" /> <user name="guest" password="admin" resources="connect,server.listDatabases,server.dblist" /> </users>
Then I am able to login database with both passwords. One provided via environment variable and one provided in xml file at the same time.

[tglman]

Hi,
Yes I think that password as today is retrieve and stored somewhere else, I do agree this may not be the best behavior, I will see if this can be corrected.

[tglman]

Hi,

This should be fixed in 3.2.33 let me know if you can verify it.

Regards

[akshay-mahakalkar]

Hi @tglman,

Thanks for resolving the issue. I verified it is now resolved. If new password set via environment variable it is considering the new password.
Only one thing I found new is, now the database console logs shows the database password.

Was this intentional as previously it was "INFO Found ORIENTDB_ROOT_PASSWORD variable, using this value as root's password [OServer]".

[tglman]

Hi,

Thank you for checking this, yes we should not log the password, that strange, I will double check this and make sure it doesn't happen, will leave this open till I make sure is not logged