Re: [GENERAL] password in recovery.conf [SOLVED]

2014-09-27 Thread Nelson Green
On Fri, Sep 26, 2014 at 6:40 PM, John R Pierce wrote:

> On 9/26/2014 4:32 PM, Nelson Green wrote:
>
>> Thanks Bosco, DrakoRod, and Adrian. Between the three of you it became
>> obvious that I was doing something wrong. And yes, in the end you were
>> right. Doubling the quote does indeed work.
>>
>> It turns out this particular password also had a \ in it, and my console
>> width wrapped right before it, putting it as the first character on the
>> next line, where I just didn't notice it until a few minutes ago. I
>> changed that to a ^ for the time being, and then doubled the quote
>> whereupon it all worked. I will certainly look into how to escape the
>> backslash too, but that's for next week at this point.
>
> I'd consider using `mkpasswd -l 15 -s 0` just to avoid any such
> problems. 15 random alphanumerics is already plenty complex, 62^15th
> possible combinations, without needing to mix in special characters.
>
> $ mkpasswd -l 15 -s 0
> eec1kj7ZsthlYmh

Thanks John. We use apg which has similar options. But alas, I must comply
with organizational password policies.

Regards,
Nelson


Re: [GENERAL] password in recovery.conf [SOLVED]

2014-09-27 Thread Nelson Green
On Fri, Sep 26, 2014 at 6:46 PM, Adrian Klaver wrote:

> On 09/26/2014 04:32 PM, Nelson Green wrote:
>
>> On Fri, Sep 26, 2014 at 5:51 PM, Adrian Klaver
>>
>>> Doubling the quote seems to work here.
>>
>> Thanks Bosco, DrakoRod, and Adrian. Between the three of you it became
>> obvious that I was doing something wrong. And yes, in the end you were
>> right. Doubling the quote does indeed work.
>>
>> It turns out this particular password also had a \ in it, and my console
>> width wrapped right before it, putting it as the first character on the
>> next line, where I just didn't notice it until a few minutes ago. I
>> changed that to a ^ for the time being, and then doubled the quote
>> whereupon it all worked. I will certainly look into how to escape the
>> backslash too, but that's for next week at this point.
>
> aklaver@panda:~> psql 'dbname=test user=test_user password=test\\pwd'
> psql (9.0.17)
> Type "help" for help.
>
> test=>


Thanks again Adrian! Figures it's that easy.

Confession time. When I'm trying to work through something like this where
different iterations are going to be tried, I sit down and spell them out
first. But since I was remoted in and things were going so slow (and I was
pretty tired), I just tried different combinations on the single quote. When
I noticed the backslash I tried to double it, but with no luck. However, in
all honesty I don't know what I was doing with the single quote at that
particular moment. Bottom line is I probably shot myself in the foot in
several ways with this one.

I appreciate the patience with me.
Nelson
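
The two quoting layers discussed in this thread (backslash-escaping inside the conninfo string, then doubling the quote in the recovery.conf value), as an added example that is not part of the original posts. The host, role and password are constructed, and it assumes recovery.conf strings follow postgresql.conf-style quoting, where backslash is also an escape character.

```python
# Added illustration; SAMPLE values are constructed, not taken from the thread.
SAMPLE = {"host": "master.example", "user": "replicator", "password": "pa'ss\\word"}

def conninfo_quote(value):
    # Layer 1 (libpq conninfo): single-quote the value, backslash-escape \ and '.
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

def conf_quote(value):
    # Layer 2 (config file, assumed postgresql.conf-style): double \ and double '.
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"

def recovery_conf_line(params):
    conninfo = " ".join(f"{k}={conninfo_quote(v)}" for k, v in params.items())
    return "primary_conninfo = " + conf_quote(conninfo)

def conf_unquote(text):
    # Reverse of conf_quote; handles only the two escapes conf_quote emits.
    body, out, i = text[1:-1], [], 0
    while i < len(body):
        pair = body[i:i + 2]
        if pair in ("\\\\", "''"):
            out.append(pair[0]); i += 2
        else:
            out.append(body[i]); i += 1
    return "".join(out)

def conninfo_parse(s):
    # Simplified reader for keyword=value pairs, quoted or unquoted values.
    params, i, n = {}, 0, len(s)
    while i < n:
        if s[i].isspace():
            i += 1; continue
        eq = s.index("=", i)
        key, i, val = s[i:eq].strip(), eq + 1, []
        quoted = i < n and s[i] == "'"
        i += quoted
        while i < n:
            if s[i] == "\\" and i + 1 < n:      # backslash escapes the next char
                val.append(s[i + 1]); i += 2; continue
            if quoted and s[i] == "'":
                i += 1; break
            if not quoted and s[i].isspace():
                break
            val.append(s[i]); i += 1
        params[key] = "".join(val)
    return params

def read_back(line):
    # Undo both layers in the order the server and libpq would apply them.
    return conninfo_parse(conf_unquote(line.partition(" = ")[2]))
```

A single backslash in the password ends up as four in the file and a single quote as `\\''`, which is why trying one layer at a time by hand is so easy to get wrong.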


Re: [GENERAL] password in recovery.conf [SOLVED]

2014-09-26 Thread Gavin Flower

On 27/09/14 11:56, John R Pierce wrote:

> On 9/26/2014 4:40 PM, John R Pierce wrote:
>> I'd consider using `mkpasswd -l 15 -s 0` just to avoid any such
>> problems. 15 random alphanumerics is already plenty complex,
>> 62^15th possible combinations, without needing to mix in special
>> characters.
>>
>> $ mkpasswd -l 15 -s 0
>> eec1kj7ZsthlYmh
>
> btw, that's 768,909,700,000,000,000,000,000,000 possible passwords. 768
> septillion, using the American 'short scale' naming convention. if
> you could brute force try 1/second, it would merely take
> 24,365,800,000,000 centuries (24 trillion).



So do you think a password like *Nxw7TnC2^}%(}tEz* is strong enough?  :-)

I developed a Java program that generates 20 passwords (each of 16 
characters) at a time, I've attached it for anyone who might be 
interested.  I have put it under the GPL version 3, but I might consider 
releasing under other licences.



Cheers,
Gavin
package gcf.misc;

/**
 * Copyright © 2012 Gavin C. Flower
 * 
 * author: gavin.flo...@archidevsys.co.nz
 * 
 * This program is free software: you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option) any later
 * version.
 * 
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 * 
 * For full details of the license see .
 */

import java.security.SecureRandom;

public class AppPasswordGenerator
{
    private final static int PASSWORD_LENGTH = 16;

    private final static int MAX_INDEX = PASSWORD_LENGTH - 1;

    /*
     * We avoid ambiguous characters, so you won't get 'I1|l', 'B8', 'S5', or
     * 'O0' being produced
     */

    private static String DIGITS = "23456789";

    private static String SPECIAL = "!@#$%^&*()_+{}[]<>.:";

    private static String UPPER = "ACDEFGHJKLMNPQRTVWXY";

    private static String LOWER = "abcdefghijklmnopqrstuvwxyz";

    private static String FULL = DIGITS + SPECIAL + UPPER + LOWER;

    private final StringBuilder SB = new StringBuilder(PASSWORD_LENGTH);

    SecureRandom secureRandom = new SecureRandom();

    AppPasswordGenerator()
    {
        /*
         * This is way more complicated than it needs to be for the current
         * application, but it was fun coding it!
         * 
         * The use of sin() & exp() introduce a semirandom delay in obtaining
         * the current time in nanoseconds as well as returning values to act
         * as additional randomising factors.
         */
        long nanoA = System.nanoTime();
        double sinVal = Math.sin(nanoA);
        long nanoB = System.nanoTime();
        double expVal = Math.exp(sinVal);
        long nanoC = System.nanoTime();
        int shift = (int) nanoB & 0x3F;
        long rotation = Long.rotateRight(nanoC, shift);
        long rawBits = Double.doubleToRawLongBits(expVal);
        long seed = rotation ^ rawBits;

        /*
         * Draw one byte first so the generator seeds itself from the system
         * entropy source. Per the SecureRandom documentation, self-seeding
         * does not occur if setSeed() is called before the first nextBytes(),
         * which would leave this time-derived value as the only seed.
         */
        secureRandom.nextBytes(new byte[1]);
        secureRandom.setSeed(seed);

        // System.out.printf("nanoA: %016X\n", nanoA);
        // System.out.printf("   sinVal: %16.13f\n", sinVal);
        // System.out.printf("nanoB: %016X\n", nanoB);
        // System.out.printf("   expVal: %16.13f\n", expVal);
        // System.out.printf("nanoC: %016X\n", nanoC);
        // System.out.printf("shift: %16d\n", shift);
        // System.out.printf("  rawBits: %016X\n", rawBits);
        // System.out.printf(" rotation: %016X\n", rotation);
        // System.out.printf(" seed: %016X\n", seed);
        // System.out.printf("FULL.length(): %16d\n", FULL.length());
    }

    public static void main(String[] args)
    {
        AppPasswordGenerator appPasswordGenerator = new AppPasswordGenerator();
        appPasswordGenerator.go();
    }

    private void go()
    {
        assert PASSWORD_LENGTH > 5; // Actually, later code assumes 16...

        for (int i = 0; i < 20; i++)
        {
            printAPassword();
        }
    }

    private void printAPassword()
    {
        // Guarantee two digits, one special, one upper and one lower
        addChar(DIGITS);
        addChar(DIGITS);
        addChar(SPECIAL);
        addChar(UPPER);
        addChar(LOWER);

        for (int ii = SB.length(); ii < PASSWORD_LENGTH; ii++)
        {
            addChar(FULL);
        }

        // Randomise password characters
        for (int index_a = 0; index_a < PASSWORD_LENGTH; index_a++)
        {
            char ca = SB.charAt(index_a);
            int index_b = secureRandom.nextInt(PASSWORD_LENGTH);
            char cb = SB.charAt(index_b);
            SB.setCharAt(index_b, ca);
            SB.setCharAt(index_a, cb);
        }

        // Ensure the last character is not a digit
        while (Character.isDigit(SB.charAt(MAX_INDEX)))
        {
            int index = secureRandom.nextInt(MAX_INDEX);
            char ca = SB.charAt(MAX_INDEX);
            // NOTE: the archived attachment ends mid-statement at the
            // charAt( call below; the rest of this method and addChar()
            // are reconstructed from how they are used above.
            char cb = SB.charAt(index);
            SB.setCharAt(index, ca);
            SB.setCharAt(MAX_INDEX, cb);
        }

        System.out.println(SB);
        SB.setLength(0); // reuse the builder for the next password
    }

    // Append one randomly chosen character from the given set
    private void addChar(String chars)
    {
        SB.append(chars.charAt(secureRandom.nextInt(chars.length())));
    }
}

Re: [GENERAL] password in recovery.conf [SOLVED]

2014-09-26 Thread John R Pierce

On 9/26/2014 4:40 PM, John R Pierce wrote:
> I'd consider using `mkpasswd -l 15 -s 0` just to avoid any such
> problems. 15 random alphanumerics is already plenty complex, 62^15th
> possible combinations, without needing to mix in special characters.
>
> $ mkpasswd -l 15 -s 0
> eec1kj7ZsthlYmh

btw, that's 768,909,700,000,000,000,000,000,000 possible passwords. 768
septillion, using the American 'short scale' naming convention. if you
could brute force try 1/second, it would merely take
24,365,800,000,000 centuries (24 trillion).


--
john r pierce  37N 122W
somewhere on the middle of the left coast



--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general


Re: [GENERAL] password in recovery.conf [SOLVED]

2014-09-26 Thread Adrian Klaver

On 09/26/2014 04:32 PM, Nelson Green wrote:

> On Fri, Sep 26, 2014 at 5:51 PM, Adrian Klaver
>
>> Doubling the quote seems to work here.
>
> Thanks Bosco, DrakoRod, and Adrian. Between the three of you it became
> obvious that I was doing something wrong. And yes, in the end you were
> right. Doubling the quote does indeed work.
>
> It turns out this particular password also had a \ in it, and my console
> width wrapped right before it, putting it as the first character on the
> next line, where I just didn't notice it until a few minutes ago. I
> changed that to a ^ for the time being, and then doubled the quote
> whereupon it all worked. I will certainly look into how to escape the
> backslash too, but that's for next week at this point.

aklaver@panda:~> psql 'dbname=test user=test_user password=test\\pwd'
psql (9.0.17)
Type "help" for help.

test=>

> Apologies for the noise. Just been one of those days.
>
> Thanks,
> Nelson



--
Adrian Klaver
adrian.kla...@aklaver.com




Re: [GENERAL] password in recovery.conf [SOLVED]

2014-09-26 Thread John R Pierce

On 9/26/2014 4:32 PM, Nelson Green wrote:

> Thanks Bosco, DrakoRod, and Adrian. Between the three of you it became
> obvious that I was doing something wrong. And yes, in the end you were
> right. Doubling the quote does indeed work.
>
> It turns out this particular password also had a \ in it, and my console
> width wrapped right before it, putting it as the first character on the
> next line, where I just didn't notice it until a few minutes ago. I
> changed that to a ^ for the time being, and then doubled the quote
> whereupon it all worked. I will certainly look into how to escape the
> backslash too, but that's for next week at this point.

I'd consider using `mkpasswd -l 15 -s 0` just to avoid any such
problems. 15 random alphanumerics is already plenty complex, 62^15th
possible combinations, without needing to mix in special characters.

$ mkpasswd -l 15 -s 0
eec1kj7ZsthlYmh


--
john r pierce  37N 122W
somewhere on the middle of the left coast





Re: [GENERAL] password in recovery.conf [SOLVED]

2014-09-26 Thread Nelson Green
On Fri, Sep 26, 2014 at 5:51 PM, Adrian Klaver wrote:

> On 09/26/2014 12:58 PM, Nelson Green wrote:
>
>> Hello all,
>>
>> I am setting up a streaming replication stand-by, and the replication
>> role password has a single quote in it. I am unable to properly
>> reference the password in the conninfo setting of recovery.conf so it
>> will authenticate to the master. Doubling the quote gives me a syntax
>> error, and escaping it or quoting it with double-quotes gives me an
>> authentication error. The password is correct because I can copy it from
>> the recovery.conf and supply it when prompted by pg_basebackup, so if I
>> may, what is the proper way to handle single quotes within the conninfo
>> string?
>>
>
>
> Doubling the quote seems to work here.
>

Thanks Bosco, DrakoRod, and Adrian. Between the three of you it became
obvious that I was doing something wrong. And yes, in the end you were
right. Doubling the quote does indeed work.

It turns out this particular password also had a \ in it, and my console
width wrapped right before it, putting it as the first character on the next
line, where I just didn't notice it until a few minutes ago. I changed that
to a ^ for the time being, and then doubled the quote whereupon it all
worked. I will certainly look into how to escape the backslash too, but
that's for next week at this point.

Apologies for the noise. Just been one of those days.

Thanks,
Nelson