#23658: Provide the password to PostgreSQL from "dbshell" command
-------------------------------------+-------------------------------------
Reporter: etanol | Owner: nobody
Type: New feature | Status: new
Component: Database layer | Version: master
(models, ORM) | Resolution:
Severity: Normal | Triage Stage: Accepted
Keywords: postgresql dbshell | Needs documentation: 1
Has patch: 1 | Patch needs improvement: 1
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Comment (by etanol):
The `mysql` command clobbers the password given in the command line, so
I'm not sure if the MySQL backend needs to change it. Clobbering the
process environment is also possible, just as hacky as doing it in `argv`,
however the password length is still ''leaked''. PostgreSQL would need a
patch for that, though.
On a side note, I just realized that there's no need to copy the
`os.environment` dictionary because the page table is going to be wiped
out by `os.execvp` anyway.
And finally, in the MySQL backend, the use of `os.system` on Windows can
also be removed. But that probably needs a separate patch.
--
Ticket URL: <https://code.djangoproject.com/ticket/23658#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/064.4b0f15ec2e8376e091988581f2ab0d03%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
