Enhance documentation for insecure-passwords and "invald" characters

pasche · August 8, 2025, 7:37am

Hi community,

for some service, we are still using “basic auth”. As we noticed heavy CPU usage due to the used encryption method, we chose to switch that to “insecure-passwords”. But then, the password of a user did not work anymore.

This is caused by the password containing the “#” character in between. haproxy seems to treat this as a start of a comment at the end of a line while parsing the config file. So in that special case, the “valid” password was the string until the (first?) “#” character.

It would be good to either add a small hint to the “user” documentation or - if possible - to adjust the parsing (which could then allow to also accept “#” characters within passwords while using “insecure-password” option).

Thanks.

Robert

lukastribus · August 8, 2025, 7:58am

There is an entire section about this in the docs, see 2.2. Quoting and escaping.

Either escape the char or quote it with single quotes:

very\#secret\#pw
'very#secret#pw'

Single quoting all the insecure-password examples in the docs would probably be beneficial, I will send a patch for this.

pasche · August 8, 2025, 8:34am

Thank you very much for banging my head into this section. I’m currently dancing on too many parties that I did not “see” this.

Nothing more to be done. Topic closed.

lukastribus · August 13, 2025, 9:57am

Nonetheless I have adjusted the doc examples and added a note:

Topic		Replies	Views
Doc: incorrectly displayed opening single quotes Site Feedback	2	440	August 5, 2022
Does haproxy really block http request with invalid characters ? (RFC7230) Help!	0	25	January 14, 2025
Can't use hash password for user authentication Help!	3	2915	December 14, 2019
Disable PH checks Help!	25	3282	January 7, 2020
Valid config invalid Help!	3	898	January 24, 2022

Enhance documentation for insecure-passwords and "invald" characters

Related topics