Postgres Pro
Downloads
Home   >   mailing lists

Thread: Re: [BUGS] More SSL questions..

Re: [BUGS] More SSL questions..

From
"Andrew Dunstan"
Date:
Magnus Hagander said:

> So, a quick implementation (not tested, but shouldn't be too hard) of
> your functino would be:
> static bool pqGetHomeDirectory(char *buf, int bufsize)
> {
>     char tmppath[MAX_PATH+16]; /* Add 16 chars for "/.postgresql/"
> */
>     ZeroMemory(tmppath,sizeof(tmppath));
>     if (!SHGetSpecialFolderPath(NULL, tmppath, CSIDL_APPDATA,
> FALSE)) {
>         return FALSE;
>     strcat(tmppath,"/.postgresql/");
>     if (strlen(tmppath) > bufsize)
>         return FALSE; /* Better than returning a chopped-off
> path */
>     strcpy(buf, tmppath);
>     return TRUE;
> }
>
> You're going to have to add #include <shlobj.h> to the file as well.
>


Excellent. I would suggest that we allow an environment variable PGHOME to
override this on all platforms, falling back to the above on Windows and
HOME elsewhere.

cheers

andrew

Re: [BUGS] More SSL questions..

From
Tom Lane
Date:
"Andrew Dunstan" <andrew@dunslane.net> writes:
> Excellent. I would suggest that we allow an environment variable PGHOME to
> override this on all platforms, falling back to the above on Windows and
> HOME elsewhere.

Given that this code is mainly used to find security-critical files
(.pgpass and SSL certificates), I'm not sure that an override is a good
idea.  I'm not dead set against it though --- any other opinions out
there?

Also, how do we document this behavior on Windows?  The libpq docs
currently talk about, eg,

      the connection in <filename>$HOME/.pgpass</> (or
      <filename>%USERPROFILE%\.pgpass</> on Microsoft Windows).

but I'm not sure that's accurate or useful.  Is there a phrase
comparable to "home directory" that will be understood by Windows
users?  I'm thinking of writing "~/.pgpass" for the Unix case to
avoid giving the impression that we depend on getenv("HOME"),
because we won't anymore.

            regards, tom lane

Re: [BUGS] More SSL questions..

From
Andrew Dunstan
Date:

Tom Lane wrote:

>"Andrew Dunstan" <andrew@dunslane.net> writes:
>
>
>>Excellent. I would suggest that we allow an environment variable PGHOME to
>>override this on all platforms, falling back to the above on Windows and
>>HOME elsewhere.
>>
>>
>
>Given that this code is mainly used to find security-critical files
>(.pgpass and SSL certificates), I'm not sure that an override is a good
>idea.  I'm not dead set against it though --- any other opinions out
>there?
>
>
>
>

If that's a valid concern (and it might well be) then we shouldn't rely
on any environment variable, including HOME - on Unix at least one could
use getpwent() and friends.

cheers

andrew