postgres dbshell asks for password even though I have .pgpass
|Reported by:||Owned by:||nobody|
|Component:||Core (Management commands)||Version:||master|
|Severity:||Keywords:||dbshell postgres psql password|
|Cc:||Carl Meyer||Triage Stage:||Accepted|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When running manage.py dbshell for postgresql, one has to enter one's password for psql even when you have a proper .pgpass file set up.
For mysql, the password is supplied on the command line, for psql it is not.
According to this ticket here ( http://code.djangoproject.com/ticket/7554 ) the reason is that psql does not allow the password to be supplied on the command line. That conclusion is wrong as you can see in the attached patch (
Unfortunately however, psql does not zero out its command line arguments like mysql does. Therefore I do not recommend the patch. I do however recommend the first part ( django_psql_pass_fix.patch ) that removes the -W option. According to the psql manual, using the -W option is never necessary, and in this case it disables the .pgpass functionality.
"""This option is never essential, since psql will automatically
prompt for a password if the server demands password authentication.
However, psql will waste a connection attempt finding
out that the server wants a password. In some cases it is
worth typing -W to avoid the extra connection attempt.""" (psql manual)
(P.S. Actually, supplying the password in the mysql case is also a security risk, as the password argument can be captured if the attacker is quick enough. But that's a different discussion.)
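A diagnostic for the situation described in this ticket, as an added example (not code from Django or from the attached patches): it builds a psql argument list with no -W and no password, then reports whether a .pgpass file would be used for those connection settings. The function names are hypothetical, the dict keys follow Django's DATABASES settings, and treating an empty HOST as localhost and an empty PORT as 5432 is a simplifying assumption.

```python
import os
import re
import stat


def psql_args(db):
    """Build a psql argv with no -W and no password, so .pgpass is consulted."""
    args = ["psql"]
    for flag, key in (("-U", "USER"), ("-h", "HOST"), ("-p", "PORT")):
        if db.get(key):
            args += [flag, str(db[key])]
    return args + [db["NAME"]]


def split_pgpass_line(line):
    """Split a .pgpass line on unescaped ':' and return the raw fields."""
    fields, cur, i = [], "", 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur, i = cur + line[i:i + 2], i + 2  # keep the escape pair intact
        elif line[i] == ":":
            fields, cur, i = fields + [cur], "", i + 1
        else:
            cur, i = cur + line[i], i + 1
    return fields + [cur]


def pgpass_status(path, db):
    """Return 'missing', 'ignored' (mode too open), 'no-match' or 'match'."""
    if not os.path.isfile(path):
        return "missing"
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        return "ignored"  # on Unix, libpq skips a file open to group or others
    # Assumption: empty HOST is looked up as localhost, empty PORT as 5432.
    want = [db.get("HOST") or "localhost", str(db.get("PORT") or 5432),
            db["NAME"], db["USER"]]
    with open(path) as fh:
        for line in fh:
            line = line.rstrip("\n")
            if not line or line.startswith("#"):
                continue
            raw = split_pgpass_line(line)
            # A raw "*" is a wildcard; anything else is unescaped and compared.
            if len(raw) >= 5 and all(
                r == "*" or re.sub(r"\\(.)", r"\1", r) == w
                for r, w in zip(raw, want)
            ):
                return "match"
    return "no-match"
```

A result of "ignored" or "no-match" means psql will still prompt even without -W, so the file's mode (0600) and its host:port:database:username fields are the first things to check.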
Change History (8)
comment:1 Changed 8 years ago by
|Patch needs improvement:||unset|