Hi

Raphael Hertzog wrote:
> On Mon, 23 Mar 2015, Jean-Michel Nirgal Vourgère wrote:
>> (...) When one runs the generated ./manage.py with (...) "dbshell"
>> argument, django only uses host,dbname and username. Then a prompt
>> asks the user for the password.
>
> dbshell just runs "psql" with the appropriate parameters. psql does
> not accept a password on the command-line or in an environment variable
> (because it's unsafe, as other users can see the command line), but only
> interactively.
>
> Thus there is just no way to safely feed the password, short of hijacking
> the whole standard input of psql or automatically modifying ~/.pgpass (both
> possibilities look bad to me)
>
> (...)

Thank you for the details.

I dug a little bit, and I found a Stack Overflow question [1] about psql
authentication. It points to a list of environment variables of interest at
http://www.postgresql.org/docs/9.0/interactive/libpq-envars.html

PGPASSWORD would do the trick, but because of exposure to ps -e, that
looks like a Bad Idea™.

Another possibility is the PGPASSFILE env, which provides an alternate
~/.pgpass file. I believe a temporary file would work. This wouldn't
require hacking any existing .pgpass. It is very unlikely that an existing
.pgpass file would be required for django to work, but we could attempt to
copy its content at the beginning of the temporary file, just to be safe.

I do agree this is a minor problem, but it would be nice if it worked
for everyone without the need to maintain a copy of the current
password in another file.

-- 
[1] https://stackoverflow.com/questions/6523019/postgresql-scripting-psql-execution-with-password

Nirgal
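
The PGPASSFILE approach discussed in this message, as an added example (not code from the thread or from Django): the function names are hypothetical and `db` is assumed to be a Django-style dict with NAME, USER, PASSWORD, HOST and PORT keys. The generated entry is written before any copied ~/.pgpass content because libpq uses the first matching line.

```python
import contextlib
import os
import subprocess
import tempfile


def pgpass_escape(field):
    """Backslash-escape the two characters special in a pgpass field."""
    return str(field).replace("\\", "\\\\").replace(":", "\\:")


def pgpass_line(db):
    """Build one hostname:port:database:username:password entry."""
    # Empty HOST/PORT become '*', the pgpass wildcard for that field.
    host = pgpass_escape(db["HOST"]) if db.get("HOST") else "*"
    port = pgpass_escape(db["PORT"]) if db.get("PORT") else "*"
    rest = [pgpass_escape(db[key]) for key in ("NAME", "USER", "PASSWORD")]
    return ":".join([host, port] + rest) + "\n"


@contextlib.contextmanager
def temporary_pgpass(db, existing=None):
    """Yield the path of a private password file, removed on exit."""
    fd, path = tempfile.mkstemp(prefix="pgpass-")  # mkstemp creates it 0600
    try:
        with os.fdopen(fd, "w") as fh:
            # libpq takes the first matching line, so the generated entry
            # goes before anything copied from the user's own file.
            fh.write(pgpass_line(db))
            if existing and os.path.isfile(existing):
                with open(existing) as src:
                    fh.write(src.read())
        yield path
    finally:
        os.unlink(path)


def run_dbshell(db):
    """Run psql with PGPASSFILE pointing at the temporary file."""
    args = ["psql", "-U", db["USER"]]
    if db.get("HOST"):
        args += ["-h", db["HOST"]]
    if db.get("PORT"):
        args += ["-p", str(db["PORT"])]
    args.append(db["NAME"])
    with temporary_pgpass(db, os.path.expanduser("~/.pgpass")) as path:
        return subprocess.call(args, env=dict(os.environ, PGPASSFILE=path))
```

On Unix, libpq ignores a password file that is readable by group or others, which is why the file is created with mkstemp rather than opened with default permissions.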