Changes between Version 1 and Version 5 of Ticket #32456


Ignore:
Timestamp:
Feb 19, 2021, 1:28:47 AM (4 years ago)
Author:
Mariusz Felisiak
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #32456

    • Property Summary Pass dbshell passwords as option filesAdd support for PostgreSQL passfile to dbshell.
    • Property Cc Florian Apolloner Daniel Bowring Simon Charette added
    • Property Has patch unset
    • Property Type UncategorizedNew feature
    • Property Easy pickings set
    • Property Triage Stage UnreviewedAccepted
    • Property Version 3.24.0

  • Ticket #32456 – Description

    v1 v5  
    33Using the environment is somewhat more secure, but the environment of processes can potentially still be read. Both MySQL and PostgreSQL advise against using the respective environment variables.
    44
    5 I want to propose a way to solve this. I already did this in django-dbbackup, which also happened to construct a command line before:
     5Specifying [https://www.postgresql.org/docs/current/libpq-pgpass.html a password file] works for connections but `dbshell` doesn't support it, see [https://code.djangoproject.com/ticket/32456#comment:2 comment].
    66
    7 https://github.com/django-dbbackup/django-dbbackup/pull/385/commits/222152afe9032e98249cada6d7e200a3eb751e63
     7~~I want to propose a way to solve this. I already did this in django-dbbackup, which also happened to construct a command line before:~~
    88
    9 The mechanism is that in addition to the environment and args, a temporary file is generated. For PostgreSQL, this is a file in .pgpass format; for MySQL, it could be an options file. I wrapped that handling in a neat context manager.
     9~~https://github.com/django-dbbackup/django-dbbackup/pull/385/commits/222152afe9032e98249cada6d7e200a3eb751e63~~
    1010
    11 For Django itself, I did a quick shot at PostgreSQL as well, as attached in the patch. The patch is not complete, and is only intended as a base for discussion. If we find consensus about the mechanism, I will happily complete it and extend to the other backends.
     11~~The mechanism is that in addition to the environment and args, a temporary file is generated. For PostgreSQL, this is a file in .pgpass format; for MySQL, it could be an options file. I wrapped that handling in a neat context manager.~~
     12
     13~~For Django itself, I did a quick shot at PostgreSQL as well, as attached in the patch. The patch is not complete, and is only intended as a base for discussion. If we find consensus about the mechanism, I will happily complete it and extend to the other backends.~~
     14
Back to Top