On Wed, Jan 9, 2013 at 2:17 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> I would like to have something like ssh-askpass for libpq. The main
> reason is that I don't want to have passwords in plain text on disk,
> even if .pgpass is read protected. By getting the password from an
> external program, I can integrate libpq tools with the host system's key
> chain or wallet thing, which stores passwords encrypted.
Sounds very useful.
> I'm thinking about adding a new connection option "askpass" with
> environment variable PGASKPASS. One thing I haven't quite figured out
> is how to make this ask for passwords only if needed. Maybe it needs
> two connection options, one to say which program to use and one to say
> whether to use it.
You could call it basically where conn->password_needed is set today.
So instead of dropping it directly back to the user, call the
callback, try again, and drop back to the user only if it doesn't
That means it gets called only after the connection to the server is
established, but that seems reasonable given that that's the only case
when you can get a password prompt as well... You don't know the
server is going to ask for a password until it gets that far.
In fact, might it be interesting to allow libpq to do a simple
callback for the password *as well*? to implement a password prompt
directly in the application, instead of having to make multiple
connections? So not just as an external command, but also availbale as
a direct calback.
In response to
pgsql-hackers by date
|Next:||From: Andres Freund||Date: 2013-01-09 14:58:28|
|Subject: Re: [PATCH 1/2] Provide a common malloc wrappers and palloc et al.
emulation for frontend'ish environs|
|Previous:||From: Alvaro Herrera||Date: 2013-01-09 14:45:12|
|Subject: Re: [PATCH 1/2] Provide a common malloc wrappers and
palloc et al. emulation for frontend'ish environs|