Skip to content

Use environment and pgpass to connect to PostgreSQL #385

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

Use environment and pgpass to connect to PostgreSQL #385

wants to merge 3 commits into from

Conversation

Natureshadow
Copy link

@Natureshadow Natureshadow commented Feb 17, 2021
edited by Archmonger
Loading

Closes #384.

Instead of building a command-line that might be subject to a row of issues (the command-line used before carried the database password in plaintext, making it available to everyone with read access to the system, we now build a copy of the environment with all the libpq variables that are needed prefilled. The password is written into a .pgpass file as suggested by the PostgreSQL docs.

This also makes the call more compatible with various setups. For instance, a hostname is not mandatory — pg_dump can connect through the UNIX socket in /var/run as well.

In order to make all that re-usable and easy to read and understand, I decided to pack the environment generation
and .pgpass file handling in a context manager. Someone else (or me, later on, if I get bored) might want to copy it for MySQL and MongoDB.

@Natureshadow Natureshadow force-pushed the bugfix/384-postgresql-backup-leaks-password branch from ddf7822 to a8bf3fd Compare February 17, 2021 22:52
@Natureshadow Natureshadow force-pushed the bugfix/384-postgresql-backup-leaks-password branch from a8bf3fd to 1c4f627 Compare February 18, 2021 09:38
@Archmonger Archmonger marked this pull request as draft April 29, 2022 07:50
@Archmonger
Copy link
Owner

Archmonger commented Aug 23, 2024
edited
Loading

The master branch needs to be re-merged into this PR

Also, we only support Django > 3.2 now. Would you like to rewrite this to utilize settings_to_cmd_args_env?

@Archmonger Archmonger mentioned this pull request Jun 11, 2025
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Security] PostgreSQL backup leaks password in command-line
2 participants
@Natureshadow @Archmonger