Keep getting “SQLSTATE[HY000] [1045]” despite database credentials and permissions being correct

I’m trying to install Magento 2.3.1 locally, and I keep running into this error when I adding the database. The problem is not the credentials. Everything I’ve read about this error implies it’s a problem with the database name, user, or password. I’ve tried different databases and users – with and without passwords – and get the same result each time.

I was able to install Magento 2 once after uninstalling and reinstalling MAMP Pro. Then, I updated my PC, and the site was no longer working. Instead there was an error message telling me to view the details in the exceptions log. This is roughly how the first line of that log file said:

main.CRITICAL: exception 'PDOException' with message 'SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES) 

I deleted those site files and tried installing Magento again, and I was back to getting that error message. I don’t know what else to try. I’m not reinstalling MAMP Pro every time I restart my computer.

I have a somewhat unusual setup in that I use Windows 10 with MAMP Pro 4. I don’t know if that has something to do with it.

Bad credentials

I’m getting a ‘Bad Credentials‘ error message when I try to upgrade from 2.3.0 -> 2.3.2 when a submit the access keys from the Web Wizard on the admin.

I think I read that these keys should be the same as when Magento was installed?

I didn’t know this when I begun trying to upgrade my version and have deleted any previous access keys I may of had. Could this be the cause of my ‘Bad credentials‘ error message?

Bad Credentials Error Message

v- 2.3.0 theme – Luma

I’ve had ongoing issues with trying to upgrade from 2.3.0 -> 2.3.1 and get an ‘Invalid response line returned from server: HTTP/2 401’ error message.

I’ve followed suggestions to create a Curl.php file with the path I created of lib/internal/Magento/Framework/HTTP/Client/Curl.php.

With this file in place when I use access keys to upgrade I get the ‘Bad Credentials’ error message.

What kinds of attacks are possible with credentials to a read-only Postgres user?

Assuming I implement the literal SQL-injection on an HTTP endpoint with a read-only user that limits execution time to e.g. some amount of seconds. What’s the worst that could happen? I know simple attacks could be just flooding simple queries. But is there another potential risk?

I already noticed some issues to mitigate:

  • The public role needs to be completely revoked of all permission and never granted anything.
  • Some functions might be more time and cpu intensive. I do wonder if there’s a way to limit the exposure to these other than a simple time out.
  • In general exposure to too many tables and columns.

Because this is a web service I control – I can constrain the contents of the SQL query, so that’s something I’d love to hear if there are functions, keywords or characters that I need to strip to make sure people are only making reasonable SELECT queries.

I realize this is somewhat of a vague request, but then again, security is a bit vague.