Re: Remove psql's -W option - Mailing list pgsql-hackers

From Fabien COELHO
Subject Re: Remove psql's -W option
Date
Msg-id alpine.DEB.2.21.1807220817580.24721@lancre
Whole thread Raw
In response to Re: Remove psql's -W option  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Remove psql's -W option
List pgsql-hackers
>> It's first on our list of things not to do:
>> https://wiki.postgresql.org/wiki/Don't_Do_This#Don.27t_use_psql_-W_or_--password
>
> As I recall, when this has been discussed in the past, people objected
> because they didn't like either (1) the extra server process fork and/or
> network round trip caused when a password is needed,

Looking at the protocol documentation, I cannot see why a fork would be 
needed, because the password could be asked for when required at the 
protocol level. If the client knew.

However, libpq does not seem to expose this logic, and/or it is not used 
by "psql" which simply loops over "PQconnectdbParams", which seems to 
reconnect from scratch each time (connectDBStart ends with 
pqDropConnection).

Given the depth of function (PQconnectStartParams, connectDBStart, 
PQconnectPool, pg_fe_sendauth, pg_password_sendauth), changing this 
behavior without re-designing the whole connection functions and rewriting 
the client logic, thus breaking compatibility, looks like a pain.

> A possible positive reason for removing the option would be if we could
> clean up this mess:
> https://www.postgresql.org/message-id/E1egDgC-000302-FN@gemulon.postgresql.org
> But no fair citing that argument without presenting an actual clean-up
> patch, because it's not obvious how much cleaner we could make it.

Yep.

ISTM that the only way out would be to provide a callback function that 
could be used to ask for the password, and that could be called probably 
from pg_fe_sendauth (?) and implement the logic currently in psql main,
and probably other clients as well.

   PQsetPasswordCallback(myfunction);

And nothing else would be changed at the client level.

However the compatibility is non trivial because of the link dependency.
Maybe there could be a define so that a client could be compatible with 
older lib versions, eg:

   #ifdef LIBPQ_HAS_SET_PASSWORD_CALLBACK
   PQsetPasswordCallback(myfunction);
   #endif

Possibly this is acceptable. Not sure.

Otherwise ISTM that "-W/--password" still has some minimal value thus does 
not deserve to be thrown out that quickly.

-- 
Fabien


pgsql-hackers by date:

Previous
From: Alexander Korotkov
Date:
Subject: Re: Reduce amount of WAL generated by CREATE INDEX for gist, gin and sp-gist
Next
From: Michael Paquier
Date:
Subject: Re: Negotiating the SCRAM channel binding type