Re: Patch : PGPASSFILE fix - Mailing list pgadmin-hackers
| From | Prasad |
|---|---|
| Subject | Re: Patch : PGPASSFILE fix |
| Date | |
| Msg-id | trinity-6cae578f-b708-4a1e-bde3-40dd9484ce35-1425509420442@3capp-mailcom-lxa15 Whole thread Raw |
| In response to | Re: Patch : PGPASSFILE fix (Ashesh Vashi <ashesh.vashi@enterprisedb.com>) |
| Responses |
Re: Patch : PGPASSFILE fix
|
| List | pgadmin-hackers |
Hi, As mentioned in my earlier communication code calling this function is checking for file existence. So if we decide to addcode for creation of full path, then similar code has to be removed from location of call to this function. Otherwise,it will end up with multiple error messages. It's wxWidget's wxFile that throws error. So, I've created two patches, and we can go with one of them. 1. Let GetConfigFile function just read value from PGPASSFILE and return as it is as like, similar to way it creates defaultpath(It doesn't create file in case of default path as well). And calling functions are taking care of path validationand error messages. 2. Let GetConfigFile function read value from PGPASSFILE and create file path ,it will show error message in case it can't.In this case calling code only should check existence of file before going ahead, and not try to create or read file,otherwise , user will end up with multiple message boxes with same error. regards, Prasad Sent: Wednesday, March 04, 2015 at 11:35 AM From: "Ashesh Vashi" <ashesh.vashi@enterprisedb.com>, func To: "Dave Page" <dpage@pgadmin.org> Cc: Prasad <prasad.s@mail.com>, pgadmin-hackers <pgadmin-hackers@postgresql.org> Subject: Re: [pgadmin-hackers] Patch : PGPASSFILE fix On Wed, Mar 4, 2015 at 4:40 PM, Dave Page <dpage@pgadmin.org> wrote: On Wed, Mar 4, 2015 at 11:06 AM, Ashesh Vashi <ashesh.vashi@enterprisedb.com[ashesh.vashi@enterprisedb.com]> wrote: On Wed, Mar 4, 2015 at 4:09 PM, Dave Page <dpage@pgadmin.org[dpage@pgadmin.org]> wrote: I think we should try to create the full path if necessary, and simply throw an error if we can't. And, I think - we should switch back to default pgpass configuration file. No, because that's a security risk (writing the password to a file that wasn't what the user intended). Agree. -- Thanks & Regards, Ashesh Vashi EnterpriseDB INDIA: Enterprise PostgreSQL Company[http://www.enterprisedb.com] http://www.linkedin.com/in/asheshvashi[http://www.linkedin.com/in/asheshvashi] -- Thanks & Regards, Ashesh Vashi EnterpriseDB INDIA: Enterprise PostgreSQL Company[http://www.enterprisedb.com] http://www.linkedin.com/in/asheshvashi[http://www.linkedin.com/in/asheshvashi] On Wed, Mar 4, 2015 at 10:01 AM, Prasad <prasad.s@mail.com[prasad.s@mail.com]> wrote: > Alright , I'll revert to PGPASS check. > Existing function only creates folder containing file. With this case, whats expected ? Reading value in PGPASSFILE andtry to create folder containing pgpass file (Assuming it's valid path)? Remember, it's environment variable. User canspecify anything in there. Some garbage value as well. If we don't do any validation there, user will automatically seeerror with complain about file ? > > thanks and regards, > Prasad > > > Sent: Wednesday, March 04, 2015 at 7:48 AM > From: "Ashesh Vashi" <ashesh.vashi@enterprisedb.com[ashesh.vashi@enterprisedb.com]> > To: Prasad <prasad.s@mail.com[prasad.s@mail.com]> > Cc: pgadmin-hackers <pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org]> > Subject: Re: [pgadmin-hackers] Patch : PGPASSFILE fix > > On Wed, Mar 4, 2015 at 8:44 AM, Prasad <prasad.s@mail.com[prasad.s@mail.com]> wrote: > > Ashesh, > > Thanks for reviewing patch, > Code I have removed in I think, was switch statement inside if condition, which doesn't make sense. > ie. > if (var == 2) > { > switch (var) > case 2: > ..... > break; > } > > that's why I removed it, because it's redundant. > Agree about redundancy, but you've also removed the code for checking the PGPASS check at the start of the function. > i.e. > @@ -762,35 +762,33 @@ void sysSettings::SetCanonicalLanguage(const wxLanguage &lang) > ////////////////////////////////////////////////////////////////////////// > wxString sysSettings::GetConfigFile(configFileName cfgname) > { > - if (cfgname == PGPASS) > - { > > I am not agree with that. > About creation of directory, I'm not sure if this validation is required. Existing code creates directory postgresql (onlyon windows) according to http://www.postgresql.org/docs/9.3/static/libpq-pgpass.html[http://www.postgresql.org/docs/9.3/static/libpq-pgpass.html][http://www.postgresql.org/docs/9.3/static/libpq-pgpass.html%5Bhttp://www.postgresql.org/docs/9.3/static/libpq-pgpass.html%5D] ,and it doesn't create file. I'm not sure whether this kind of validation is expected in this function. > I think - it is. > Because - it could be used to save the updated password in the PGPASS file. > > -- Ashesh > regards, > Prasad > > Sent: Wednesday, March 04, 2015 at 7:15 AM > From: "Ashesh Vashi" <ashesh.vashi@enterprisedb.com[ashesh.vashi@enterprisedb.com][ashesh.vashi@enterprisedb.com[ashesh.vashi@enterprisedb.com]]> > To: Prasad <prasad.s@mail.com[prasad.s@mail.com][prasad.s@mail.com[prasad.s@mail.com]]> > Cc: pgadmin-hackers <pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org][pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org]]> > Subject: Re: [pgadmin-hackers] Patch : PGPASSFILE fix > > Hi Prasad, > I see couple of issues with your patch.* Please generate the patch using 'git diff'. > I could not apply your patch straight forwardly. > I had to use the patch utility. > * Please follow the coding style of pgAdmin. > You can find it at https://wiki.postgresql.org/wiki/PgAdmin_Internals#Coding_Style.*[https://wiki.postgresql.org/wiki/PgAdmin_Internals#Coding_Style.*][https://wiki.postgresql.org/wiki/PgAdmin_Internals#Coding_Style.*[https://wiki.postgresql.org/wiki/PgAdmin_Internals%23Coding_Style.*]] Donot remove any of the existing code. > It has been kept there keeping in mind about future development extending support of the existing functionality. > You've removed couple of lines in the sysSettings::GetConfigFile(...) function, which is not good. > > In your code:* Checked only for PGPASSFILE environment variable. > * Need to check the existence of the file. > * Take required actions (if that file/parent directory does not exists). > i.e. Create parent directory > > > > -- > Thanks & Regards, > > Ashesh Vashi > EnterpriseDB INDIA: Enterprise PostgreSQL Company[http://www.enterprisedb.com[http://www.enterprisedb.com][http://www.enterprisedb.com[http://www.enterprisedb.com]]] > > http://www.linkedin.com/in/asheshvashi[http://www.linkedin.com/in/asheshvashi][http://www.linkedin.com/in/asheshvashi[http://www.linkedin.com/in/asheshvashi]][http://www.linkedin.com/in/asheshvashi%5Bhttp://www.linkedin.com/in/asheshvashi%5D%5Bhttp://www.linkedin.com/in/asheshvashi%5Bhttp://www.linkedin.com/in/asheshvashi%5D%5D] > > On Sun, Mar 1, 2015 at 11:08 PM, Prasad <prasad.s@mail.com[prasad.s@mail.com][prasad.s@mail.com[prasad.s@mail.com]][prasad.s@mail.com[prasad.s@mail.com][prasad.s@mail.com[prasad.s@mail.com]]]> wrote: > Hi, > > Find attached fix for reading PGPASSFILE environment variable for pg password file. > > regards, > Prasad > > -- > Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org][pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org]][pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org][pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org]]]) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgadmin-hackers[http://www.postgresql.org/mailpref/pgadmin-hackers][http://www.postgresql.org/mailpref/pgadmin-hackers[http://www.postgresql.org/mailpref/pgadmin-hackers]][http://www.postgresql.org/mailpref/pgadmin-hackers%5Bhttp://www.postgresql.org/mailpref/pgadmin-hackers%5D%5Bhttp://www.postgresql.org/mailpref/pgadmin-hackers%5Bhttp://www.postgresql.org/mailpref/pgadmin-hackers%5D%5D] > > > > --> Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org]) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgadmin-hackers[http://www.postgresql.org/mailpref/pgadmin-hackers] -- Dave Page Blog: http://pgsnake.blogspot.com[http://pgsnake.blogspot.com] Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com[http://www.enterprisedb.com] The Enterprise PostgreSQL Company -- Dave Page Blog: http://pgsnake.blogspot.com[http://pgsnake.blogspot.com] Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com[http://www.enterprisedb.com] The Enterprise PostgreSQL Company
Attachment
pgadmin-hackers by date: