On 02-07-13 20:53, Christian Stimming wrote:
Dear Geert or John or whoever knows this,

where does gnucash store the database password for MySQL or PostgreSQL
backend? It stores the database name, host, and username directly in the URI,
which is also visible in the file history. The URI (without the password) is
also stored in gconf and can be observed there, as well in ~/.gnucash/books as
a file name.

But where is the password? It is obviously stored somewhere, because it will
not be asked for next time, and when I change the database password
separately, gnucash will no longer open the book. But where...?

Take this question as a confirmation that this fact isn't documented well
enough. At least I didn't find anything in the wiki or in the source code.

Regards,

Christian
_______________________________________________
gnucash-devel mailing list
gnucash-devel@gnucash.org
https://lists.gnucash.org/mailman/listinfo/gnucash-devel
On platforms that have a system-wide password manager, the password is stored in there. On Linux systems, the gnome keyring is used. On OS X, Apple's keychain is used. On Windows I couldn't find any system-wide password manager so there the password is not stored at all.

The functions that handle storing and retrieving the passwords are in
src/gnome-utils/gnc-keyring.[ch]
They have proper doxygen descriptions which can be found here:
http://svn.gnucash.org/docs/HEAD/group__GUIUtility.html

Probably the choice of doxygen group is not too good and makes it harder to find these.

GnuCash attempts to read the password from the keychain when a user attempts to open a database backed book and didn't specify a password. This happens in
src/gnome-utils/gnc-file.c:675

If no keychain is available or no password could be retrieved from it, the user is presented with a password prompt.

GnuCash attempts to store/update a password near the end of an open or save as post processing step. This is after the database calls to load or save the db were verified to be successful. This happens in
src/gnome-utils/gnc-file.c:856 and
src/gnome-utils/gnc-file.c:1481

This allows the user to open the database again in the future with the same password automatically. Until now that was in line with our security policy, but if you intend to protect the db with a password, it obviously shouldn't be stored by default. Instead I think this should be an option in the save/open dialogs.

Does this help?

Geert
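
The password flow described in the reply above, modelled as an added example (it is not GnuCash code and not part of the original messages). Every name is hypothetical: `Keyring` is an in-memory stand-in for the system keyring, `db_connect()` stands in for the database login, and `remember` models the opt-in proposed in the reply.

```c
/* Added example: a model of the open-book password flow described above.
 * Every name is hypothetical; Keyring is an in-memory stand-in for the
 * system keyring, and db_connect() for the real database login. */
#include <stdio.h>
#include <string.h>

typedef struct { char secret[64]; int present; } Keyring;
typedef enum { PW_NONE, PW_GIVEN, PW_KEYRING, PW_PROMPT } PwSource;

/* Stand-in for the database: accepts exactly one password. */
static int db_connect(const char *db_pw, const char *tried) {
    return strcmp(db_pw, tried) == 0;
}

/* given:    password the caller supplied, or NULL
 * prompted: what the user would type if asked, or NULL if they cancel
 * remember: the opt-in proposed in the thread; 1 = store after success
 * kr:       NULL models a platform with no system-wide password manager
 * Returns 1 if the book opened; *src reports where the password came from. */
int open_book(Keyring *kr, const char *db_pw, const char *given,
              const char *prompted, int remember, PwSource *src)
{
    const char *pw = given;
    *src = pw ? PW_GIVEN : PW_NONE;
    if (!pw && kr && kr->present) {           /* 1. try the keyring */
        pw = kr->secret;
        *src = PW_KEYRING;
    }
    if (!pw && prompted) {                    /* 2. nothing retrieved: prompt */
        pw = prompted;
        *src = PW_PROMPT;
    }
    if (!pw || !db_connect(db_pw, pw))        /* 3. verify before storing */
        return 0;                             /* keyring left untouched */
    if (remember && kr && pw != kr->secret) { /* 4. store/update on success only */
        snprintf(kr->secret, sizeof kr->secret, "%s", pw);
        kr->present = 1;
    }
    return 1;
}

int main(void) {
    Keyring kr = { "", 0 };
    PwSource src;
    /* constructed sample values */
    int ok = open_book(&kr, "s3cret", NULL, "s3cret", 1, &src);
    printf("opened=%d source=%d stored=%d\n", ok, src, kr.present);
    return 0;
}
```

Calling it with `remember` always set to 1 corresponds to the store-by-default behaviour the reply describes; a stale keyring entry makes the open fail without overwriting the stored value.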
