I recently figured out a problem that I’ve been having with one of our internal tools. The tool is used to automatically deploy our daily builds (extremely handy when you’re doing that every other day to several test machines). As a part of the tool, you need to include the password for a test account.
We normally use the tool from an automatic test harness, essentially I enter the 4 or 5 parameters to the test and it automatically runs the tool (and other stuff if necessary).
The problem I had was that I would enter my account and password but the tool kept failing after reporting invalid parameter errors. It worked perfectly when I used a different account that is used by our testers, but when I tried using my preferred test account it kept on failing with some kind of command line parsing error.
Eventually I tracked down the actual command line being passed by the harness into the tool and I was immediately able to see the problem.
Being a security geek, my “password” is actually a passphrase – the theory is that passphrases are harder to crack than passwords because they are drawn from a larger dictionary. So my passwords tend to be things like “The rain in Spain falls mainly on the plain”.
In this case, the test harness took my password and passed it to the tool as follows (assuming that the command line for the test tool is “testtool.exe -useuser <username> <password>:
testtool.exe -useuser testaccount The rain in Spain falls mainly on the plain
Doh! Either the test tool or the test harness wasn’t handling the spaces correctly. I tried an experiment and ran the test tool manually:
testtool.exe -useuser testaccount “The rain in Spain falls mainly on the plain”
and it worked! So it appears that the problem was that the test harness wasn’t correctly handling the spaces in my password.
So I went to the maintainer of the test harness and described the problem to him.
His response? “I never knew you could have spaces in a password! Wow, I didn’t even think of that.”
On Microsoft operating systems, spaces have been legal in filenames since MS-DOS 2.0 (about 1982) and in passwords since MS-NET 1.0 (about 1984). I’m astonished that 25 years later there are people who still don’t know that.