PostgreSQL
Adam Buraczewski
adamb w polbox.pl
Sob, 6 Kwi 2002, 17:29:07 CEST
> > > Uzywam postgresa z autoryzacja. Czy jest jakis sposob aby psql
> > > uruchamiac ze skryptu tak aby sam sie autoryzowal?
> > Umieszczasz hasło w pierwszej linijce tego, co przekazujesz na wejście
> > psql'a.
> że tak powiem... u mnie działa na opak :)
Przepraszam, że nie napisałem od razu dostatecznie szczegółowo.
Jeżeli proces psql będzie podpięty do jakiegoś terminala, to zapyta
się o hasło _zawsze_. Natomiast, gdy odpalasz bez terminala
sterującego (np. cron itp.), to hasło czytane jest z stdin, czyli z
pierwszej linijki skryptu. Oto wyjaśniający fragment listu Bruce
Momjiana:
--- *** ---
> >> ... Password auth sucks from a convenience point of view
> >> (or even from a possibility point of view, for scripts; don't
> >> forget
> >> the changes that you yourself recently applied to guarantee that
> >> a
> >> script *cannot* supply a password to psql).
> > > Ack. We can't send in passwords to psql anymore? :(
> > Well, Bruce, you were the one that was hot to make that /dev/tty
> > change.
> Time to defend it.
OK, I remember now. The issue was how to handle:
cat file | psql test
In previous releases, you _had_ to have the password as the first line
in file. In the current code, if you are running from a terminal, you
supply the password from the keyboard. If you are running from a
batch
job that has no terminal (/dev/tty), you must have the password as the
first line in the file.
People were complaining about the old behavior.
I modeled the changes after the BSD getpass(), which I assume is the
standard behavior on most unixes.
It would be nice to extend .psqlrc to allow storage of passwords, but
that is only read by psql and not by all libpq applications. Not sure
how to handle this.
I will document the security problem with PGPASSWORD and add a TODO
item
to remove it in 7.3. Is that OK with everyone?
Bruce Momjian | http://candle.pha.pa.us
pgman w candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania
19026
--- *** ---
Teraz jaśniej? :)
Pozdrawiam.
--
Adam Buraczewski <adamb w polbox.pl> * Linux registered user #165585
GCS/TW d- s-:+>+:- a- C+++(++++) UL++++$ P++ L++++ E++ W+ N++ o? K? w--
O M- V- PS+ !PE Y PGP+ t+ 5 X+ R tv- b+ DI? D G++ e+++>++++ h r+>++ y?
Więcej informacji o liście dyskusyjnej pld-users-pl