[Python-modules-team] Bug#781033: python-django: "manage dbshell" fails to transmit settings password to postgresql
Raphael Hertzog
hertzog at debian.org
Mon Mar 23 20:08:09 UTC 2015
Hi,
On Mon, 23 Mar 2015, Jean-Michel Nirgal Vourgère wrote:
> When one runs the generated ./manage.py with "runserver" argument,
> django find the host, dbname, username, and password and runs ok.
>
> But when one runs it with "dbshell" argument, django only uses host,
> dbname and username. Then a prompt asks the user for the password.
dbshell just runs "psql" with the appropriate parameters. psql does
not accept a password on the command-line or in an environment variable
(because it's unsafe, as other users can see the command line), but only
interactively.
Thus there is just no way to safely feed the password, short of hijacking
the whole standard input of psql or automatically modifying ~/.pgpass (both
possibilities look bad to me)
I would suggest to setup ~/.pgpass if you are really bothered by this.
If you agree with this analysis, then I'll close the bug. If you don't,
then we should reassign this to postgresql-client as a wishlist bug to
ensure psql has a reliable way to be fed a password (like an option to use
a custom password file).
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
More information about the Python-modules-team
mailing list