Re: Remove psql's -W option
Robert Haas writes: > I also think your other question is a good one. It seems like the > fact that we need to reconnect -- rather than just prompting for the > password and then sending it when we get it -- is an artifact of how > libpq is designed rather than an intrinsic limitation of the protocol. Well, it's a limitation of the libpq API. The problem is that it's the application, not libpq, that's in charge of actually asking the user for a password. Right now we inform the app that it needs to do that by passing back a failed PGconn with appropriate state. We could imagine passing back a PGconn with a half-finished open connection, and asking the app to re-submit that PGconn along with a password so we could continue the auth handshake. But it'd require changing apps to do that. Also, doing things like that would incur the risk of exceeding authentication_timeout while the user is typing his password. So we'd also need some additional complexity to retry in that situation. regards, tom lane
Re: Remove psql's -W option
On Mon, Jul 23, 2018 at 11:20:46AM -0400, Robert Haas wrote: > On Sun, Jul 22, 2018 at 9:35 AM, Fabien COELHO wrote: > > Otherwise ISTM that "-W/--password" still has some minimal value thus does > > not deserve to be thrown out that quickly. > > I think I agree. I don't think this option is really hurting > anything, so I'm not quite sure why we would want to abruptly get rid > of it. > > I also think your other question is a good one. It seems like the > fact that we need to reconnect -- rather than just prompting for the > password and then sending it when we get it -- is an artifact of how > libpq is designed rather than an intrinsic limitation of the protocol. Am I understanding correctly that doing the following would be acceptable, assuming good code quality? - Rearrange libpq so it doesn't force this behavior. - Deprecate the -W option uniformly in the code we ship by documenting it and making it send warnings to stderr. Best, David. -- David Fetter http://fetter.org/ Phone: +1 415 235 3778 Remember to vote! Consider donating to Postgres: http://www.postgresql.org/about/donate
Re: Remove psql's -W option
On Sun, Jul 22, 2018 at 9:35 AM, Fabien COELHO wrote: > Otherwise ISTM that "-W/--password" still has some minimal value thus does > not deserve to be thrown out that quickly. I think I agree. I don't think this option is really hurting anything, so I'm not quite sure why we would want to abruptly get rid of it. I also think your other question is a good one. It seems like the fact that we need to reconnect -- rather than just prompting for the password and then sending it when we get it -- is an artifact of how libpq is designed rather than an intrinsic limitation of the protocol. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Re: Remove psql's -W option
Vik Fearing writes: > On 22/07/18 00:41, Fabien COELHO wrote: >> What is the rational? > It's first on our list of things not to do: > https://wiki.postgresql.org/wiki/Don't_Do_This#Don.27t_use_psql_-W_or_--password As I recall, when this has been discussed in the past, people objected because they didn't like either (1) the extra server process fork and/or network round trip caused when a password is needed, or (2) the server log entry that gets generated about client disconnecting without supplying a password. (We don't log anything about it normally, but I'm not sure that that's always true when using PAM, LDAP, connection poolers, etc.) While those are surely niche concerns, it's not really apparent to me what we gain by breaking them. A possible positive reason for removing the option would be if we could clean up this mess: https://www.postgresql.org/message-id/e1egdgc-000302...@gemulon.postgresql.org But no fair citing that argument without presenting an actual clean-up patch, because it's not obvious how much cleaner we could make it. BTW, all of our client programs have this switch, so if we did agree to remove it, this patch doesn't go nearly far enough. regards, tom lane PS: I found some interesting back-story here: https://www.postgresql.org/message-id/flat/200712091148.54294.xzilla%40users.sourceforge.net
Re: Remove psql's -W option
On 22/07/18 00:41, Fabien COELHO wrote: > > Hello David, > >> I'd like to $Subject for 12. >> >> There are scripts it could break, but not ones that weren't already >> broken in ways important to access control. >> >> What say? > > What is the rational? It's first on our list of things not to do: https://wiki.postgresql.org/wiki/Don't_Do_This#Don.27t_use_psql_-W_or_--password -- Vik Fearing +33 6 46 75 15 36 http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support
Re: Remove psql's -W option
Hello David, I'd like to $Subject for 12. There are scripts it could break, but not ones that weren't already broken in ways important to access control. What say? What is the rational? I'm unsure of the logic behind removing -W (--password) but keeping -w (--no-password), especially as the internal logic seems kept by the patch. -- Fabien.
Re: Remove psql's -W option
On 21/07/18 23:58, David Fetter wrote: > Folks, > > I'd like to $Subject for 12. > > There are scripts it could break, but not ones that weren't already > broken in ways important to access control. > > What say? I say it should at least throw a sensible error for a few versions before it's removed completely. -1 on this patch +1 for removing the "feature" -- Vik Fearing +33 6 46 75 15 36 http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support
