#23658: Provide the password to PostgreSQL from "dbshell" command -------------------------------------+------------------------------------- Reporter: etanol | Owner: nobody Type: New feature | Status: new Component: Database layer | Version: master (models, ORM) | Resolution: Severity: Normal | Triage Stage: Accepted Keywords: postgresql dbshell | Needs documentation: 1 Has patch: 1 | Patch needs improvement: 1 Needs tests: 0 | UI/UX: 0 Easy pickings: 0 | -------------------------------------+-------------------------------------
Comment (by etanol): The `mysql` command clobbers the password given in the command line, so I'm not sure if the MySQL backend needs to change it. Clobbering the process environment is also possible, just as hacky as doing it in `argv`, however the password length is still ''leaked''. PostgreSQL would need a patch for that, though. On a side note, I just realized that there's no need to copy the `os.environment` dictionary because the page table is going to be wiped out by `os.execvp` anyway. And finally, in the MySQL backend, the use of `os.system` on Windows can also be removed. But that probably needs a separate patch. -- Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:3> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/064.4b0f15ec2e8376e091988581f2ab0d03%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.