[Django] #23658: Provide the password to PostgreSQL from "dbshell" command
Django
----------------------------------------------+----------------------------
Reporter: etanol | Owner: nobody
Type: New feature | Status: new
Component: Database layer (models, ORM) | Version: 1.7
Severity: Normal | Keywords: postgresql
Triage Stage: Unreviewed | dbshell
Easy pickings: 1 | Has patch: 1
| UI/UX: 1
----------------------------------------------+----------------------------
With the PostgreSQL Django backend, if the database configuration defines
a password, it is not used by the "dbshell" command. Unlike the "mysql"
command, the "psql" command accepts the password through the process
environment. It would be a more uniform experience if the PostgreSQL
driver behaved the same.
Also note from the attached patch that "os.execvpe()" also works on
Windows, so there's no need to distinguish between the two systems.
--
Ticket URL: <https://code.djangoproject.com/ticket/23658>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: new
(models, ORM) | Resolution:
Severity: Normal | Triage Stage:
Keywords: postgresql dbshell | Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 1
-------------------------------------+-------------------------------------
Changes (by aaugustin):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
Duplicate of #19893 and #7554, which was closed as wontfix, but I'm not
opposed to reconsidering since the question comes up regularly.
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:1>
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: new
(models, ORM) | Resolution:
Severity: Normal | Triage Stage: Accepted
Keywords: postgresql dbshell | Needs documentation: 1
Has patch: 1 | Patch needs improvement: 1
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Changes (by loic):
* cc: loic (added)
* needs_better_patch: 0 => 1
* version: 1.7 => master
* easy: 1 => 0
* needs_docs: 0 => 1
* ui_ux: 1 => 0
* stage: Unreviewed => Accepted
Comment:
+1 for this approach, marking as accepted.
From my understanding MySQL support the `MYSQL_PWD` env var, wouldn't that
work?
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:2>
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: new
(models, ORM) | Resolution:
Severity: Normal | Triage Stage: Accepted
Keywords: postgresql dbshell | Needs documentation: 1
Has patch: 1 | Patch needs improvement: 1
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Comment (by etanol):
The `mysql` command clobbers the password given in the command line, so
I'm not sure if the MySQL backend needs to change it. Clobbering the
process environment is also possible, just as hacky as doing it in `argv`,
however the password length is still ''leaked''. PostgreSQL would need a
patch for that, though.
On a side note, I just realized that there's no need to copy the
`os.environment` dictionary because the page table is going to be wiped
out by `os.execvp` anyway.
And finally, in the MySQL backend, the use of `os.system` on Windows can
also be removed. But that probably needs a separate patch.
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:3>
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: new
(models, ORM) |
Severity: Normal | Resolution:
Keywords: postgresql dbshell | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by rhertzog):
I would like to point out the discussion we just had on
http://bugs.debian.org/781033 : namely that PGPASSWD is a deprecated
feature. The correct way to handle this would be to setup a temporary
password file that is then passed to the PGPASSFILE environment variable.
http://www.postgresql.org/docs/9.0/interactive/libpq-envars.html
https://stackoverflow.com/questions/6523019/postgresql-scripting-psql-
execution-with-password
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:4>
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: new
(models, ORM) |
Severity: Normal | Resolution:
Keywords: postgresql dbshell | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by nirgal):
I wrote a patch at https://github.com/django/django/pull/4392
Please review it.
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:5>
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: new
(models, ORM) |
Severity: Normal | Resolution:
Keywords: postgresql dbshell | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* needs_better_patch: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:6>
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: new
(models, ORM) |
Severity: Normal | Resolution:
Keywords: postgresql dbshell | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:7>
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: new
(models, ORM) |
Severity: Normal | Resolution:
Keywords: postgresql dbshell | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* needs_better_patch: 1 => 0
* needs_docs: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:8>
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: new
(models, ORM) |
Severity: Normal | Resolution:
Keywords: postgresql dbshell | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by timgraham):
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:9>
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: closed
Component: Database layer | Version: master
(models, ORM) |
Keywords: postgresql dbshell | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"b64c0d4d613b5cabedbc9b847682fe14877537de" b64c0d4]:
{{{
#!CommitTicketReference repository=""
revision="b64c0d4d613b5cabedbc9b847682fe14877537de"
Fixed #23658 -- Provided the password to PostgreSQL dbshell command
The password from settings.py is written in a temporary .pgpass file
file whose name is given to psql using the PGPASSFILE environment
variable.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:10>
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: closed
Component: Database layer | Version: master
(models, ORM) |
Severity: Normal | Resolution: fixed
Keywords: postgresql dbshell | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>):
In [changeset:"b535eb3fcb6768b2ee2a900c3ca7217b5aecffa6" b535eb3]:
{{{
#!CommitTicketReference repository=""
revision="b535eb3fcb6768b2ee2a900c3ca7217b5aecffa6"
Refs #23658 -- Fixed unclosed file in dbshell tests.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:11>
Django
Reporter: etanol | Owner: nobody
Type: New feature | Status: closed
Component: Database layer | Version: master
(models, ORM) |
Severity: Normal | Resolution: fixed
Keywords: postgresql dbshell | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>):
In [changeset:"6bd8462380e1c078969867d9a0f4871fcdbe52b4" 6bd84623]:
{{{
#!CommitTicketReference repository=""
revision="6bd8462380e1c078969867d9a0f4871fcdbe52b4"
Refs #23658 -- Fixed dbshell tests on Windows.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:12>