Code

Opened 5 years ago

Closed 5 years ago

Last modified 3 years ago

#10063 closed (fixed)

postgres dbshell asks for password even though I have .pgpass

Reported by: walter+django@… Owned by: nobody
Component: Core (Management commands) Version: master
Severity: Keywords: dbshell postgres psql password
Cc: carljm Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

When running manage.py dbshell for a postgresql, one has to enter ones password for psql even when you have a proper .pgpass file set up.

For mysql, the password is supplied on the command line, for psql it is not.

According to this ticket here ( http://code.djangoproject.com/ticket/7554 ) the reason is that psql does not allow the password to be supplied on the command line. That conclusion is wrong as you can see in the attached patch (
django_psql_pass_nonsolution.patch ).

Unfortunately however, psql does not zero out it's command line arguments like mysql does. Therefore I do not recommend the patch. I do however recommend the first part ( django_psql_pass_fix.patch ) that removes the -W option. According to the psql manual, using the -W option is never necessary, and in this case it disables the .pgpass functionality.

"""This option is never essential, since psql will automatically
prompt for a password if the server demands password authenti‐
cation. However, psql will waste a connection attempt finding
out that the server wants a password. In some cases it is
worth typing -W to avoid the extra connection attempt.""" (psql manual)

(P.S. Actually, supplying the password in the mysql case is also a security risk, as the password argument can be captured if the attacker is quick enough. But that's a different discussion.)

Attachments (2)

django_psql_pass_nonsolution.patch (874 bytes) - added by walter+django@… 5 years ago.
auto-enter postgres password for dbshell
django_psql_pass_fix.patch (585 bytes) - added by walter+django@… 5 years ago.
do not ask for postgres dbshell password when not necessary

Download all attachments as: .zip

Change History (8)

Changed 5 years ago by walter+django@…

auto-enter postgres password for dbshell

Changed 5 years ago by walter+django@…

do not ask for postgres dbshell password when not necessary

comment:1 Changed 5 years ago by carljm

  • Cc carl@… added
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 5 years ago by carljm

  • Cc carljm added; carl@… removed

comment:3 Changed 5 years ago by jacob

  • milestone set to 1.1
  • Triage Stage changed from Unreviewed to Accepted

comment:4 Changed 5 years ago by jacob

  • Resolution set to fixed
  • Status changed from new to closed

(In [10360]) Fixed #10063: stop passing the -W flag to psql since it isn't needed and interferes with .pgpass. Thanks, Walter.

comment:5 Changed 5 years ago by jacob

(In [10361]) [1.0.X] Fixed #10063: stop passing the -W flag to psql since it isn't needed and interferes with .pgpass. Thanks, Walter. Backport of r10360 from trunk.

comment:6 Changed 3 years ago by jacob

  • milestone 1.1 deleted

Milestone 1.1 deleted

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.