Thread: Comments in .pgpass file...
It seems that psql (or maybe libpq) doesn't like trailing comments.
This works:
10.143.170.206:5432:*:11026270:Blarge
But this does not:
10.143.170.206:5432:*:11026270:Blarge # Host name: fubar
(Don't tell me to use DNS. I would if the servers would stay in DNS.)
On Monday, May 20, 2024, Ron Johnson <ronljohnsonjr@gmail.com> wrote:
> It seems that psql (or maybe libpq) doesn't like trailing comments.
>
> This works:
> 10.143.170.206:5432:*:11026270:Blarge
>
> But this does not:
> 10.143.170.206:5432:*:11026270:Blarge # Host name: fubar
>
> (Don't tell me to use DNS. I would if the servers would stay in DNS.)
.pgpass is a libpq thing.
The docs, in a bit of a roundabout way, state that a comment line begins with the hashtag. No other mention of comment formats is given.
David J.
Ron Johnson <ronljohnsonjr@gmail.com> writes:
> It seems that psql (or maybe libpq) doesn't like trailing comments.
Why would you think it would take that? The manual says that lines
beginning with '#' are comments, but not more than that.
> But this does not:
> 10.143.170.206:5432:*:11026270:Blarge # Host name: fubar
If that acted as a comment, it'd be impossible to use passwords
containing '#'.
regards, tom lane
On 2024-05-21 03:01 +0200, Ron Johnson wrote:
> It seems that psql (or maybe libpq) doesn't like trailing comments.
>
> This works:
> 10.143.170.206:5432:*:11026270:Blarge
>
> But this does not:
> 10.143.170.206:5432:*:11026270:Blarge # Host name: fubar
How should libpq know where the password ends and the comment begins
while still accepting passwords that contain "#"? The password is
everything between the 4th unescaped colon and the end of line.
This could be made explicit in the docs. But the docs don't even say
that you can put entries and comments on the same line.
-- Erik
On Monday, May 20, 2024, Erik Wienhold <ewie@ewie.name> wrote:
> On 2024-05-21 03:01 +0200, Ron Johnson wrote:
> > It seems that psql (or maybe libpq) doesn't like trailing comments.
> >
> > This works:
> > 10.143.170.206:5432:*:11026270:Blarge
> >
> > But this does not:
> > 10.143.170.206:5432:*:11026270:Blarge # Host name: fubar
> How should libpq know where the password ends and the comment begins
> while still accepting passwords that contain "#"? The password is
> everything between the 4th unescaped colon and the end of line.
> This could be made explicit in the docs. But the docs don't even say
> that you can put entries and comments on the same line.
As written the docs say if your password contains : or \ you should escape that character with a \ …
I’m not that surprised that a reader expected the password to end at the first space.
David J.
On 2024-05-21 03:24 +0200, David G. Johnston wrote:
> On Monday, May 20, 2024, Erik Wienhold <ewie@ewie.name> wrote:
>
> > On 2024-05-21 03:01 +0200, Ron Johnson wrote:
> > > It seems that psql (or maybe libpq) doesn't like trailing comments.
> > >
> > > This works:
> > > 10.143.170.206:5432:*:11026270:Blarge
> > >
> > > But this does not:
> > > 10.143.170.206:5432:*:11026270:Blarge # Host name: fubar
> >
> > How should libpq know where the password ends and the comment begins
> > while still accepting passwords that contain "#"? The password is
> > everything between the 4th unescaped colon and the end of line.
> >
> > This could be made explicit in the docs. But the docs don't even say
> > that you can put entries and comments on the same line.
> >
>
> As written the docs say if your password contains : or \ you should escape
> that character with a \ …
Oh, I misread the code, now that you mention it. libpq reads the password
up to the first unescaped colon. So one could write:
10.143.170.206:5432:*:11026270:Blarge: # Host name: fubar
Note the colon right after "Blarge". But that will very likely clash with
fields that may be added in the future.
-- Erik
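The rule described in the message above (the password runs to the first unescaped colon, and only lines beginning with # are comments), as an added example that is not part of the thread and is not libpq's code. The names `split_fields` and `audit` are hypothetical, and the sample file is constructed from the lines quoted in the thread plus one constructed entry with an escaped colon.

```python
# Added example modelling the .pgpass rule described in this thread; not libpq's code.

def split_fields(line):
    """Split on unescaped ':'; a backslash makes the next character literal."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])      # escaped ':' or '\' stays in the field
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields

def audit(text):
    """Return (line_no, password_as_parsed, warning) for every entry line."""
    report = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):   # only whole-line comments
            continue
        fields = split_fields(line)
        if len(fields) < 5:
            report.append((no, None, "fewer than five fields"))
            continue
        password, warning = fields[4], None
        if " #" in password or password != password.strip():
            warning = "password holds whitespace or ' #': trailing comment?"
        elif len(fields) > 5:
            warning = "extra text after the password field"
        report.append((no, password, warning))
    return report

# Constructed sample: the lines quoted in the thread plus one escaped entry.
SAMPLE = (
    "# Host name: fubar\n"
    "10.143.170.206:5432:*:11026270:Blarge\n"
    "10.143.170.206:5432:*:11026270:Blarge # Host name: fubar\n"
    "10.143.170.206:5432:*:11026270:Blarge: # Host name: fubar\n"
    "10.143.170.206:5432:*:11026270:pa\\:ss#word\n"
)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the constructed sample, the third line parses to the password `Blarge # Host name` rather than `Blarge`, while the escaped entry keeps its `#` as a legitimate password character.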
On Mon, May 20, 2024 at 9:10 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Ron Johnson <ronljohnsonjr@gmail.com> writes:
> > It seems that psql (or maybe libpq) doesn't like trailing comments.
> Why would you think it would take that? The manual says that lines
> beginning with '#' are comments, but not more than that.
I searched the man page for "#" and "comment". The only mention is in this sentence:
[quote]
hostname:port:database:username:password
(You can add a reminder comment to the file by copying the line above and preceding it with #.)
[/quote]
That one sentence can easily be read as only referring to the "hostname:port..." line.
Since postgresql.conf and pg_hba.conf (I don't use pg_ident.conf) allow trailing comments, it seems reasonable that .pgpass should too, for consistency.
It also seems reasonable that hostnames in .pgpass should be case-insensitive, since they're case-insensitive everywhere else in the network world.
> > But this does not:
> > 10.143.170.206:5432:*:11026270:Blarge # Host name: fubar
> If that acted as a comment, it'd be impossible to use passwords
> containing '#'.
Escapes. It escapes ":" and "\", so should be able to escape "#".
On Monday, May 20, 2024, Ron Johnson <ronljohnsonjr@gmail.com> wrote:
> On Mon, May 20, 2024 at 9:10 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > Ron Johnson <ronljohnsonjr@gmail.com> writes:
> > > It seems that psql (or maybe libpq) doesn't like trailing comments.
> > Why would you think it would take that? The manual says that lines
> > beginning with '#' are comments, but not more than that.
> I searched the man page for "#" and "comment". The only mention is in this sentence:
> [quote]
> hostname:port:database:username:password
> (You can add a reminder comment to the file by copying the line above and preceding it with #.)
> [/quote]
> That one sentence can easily be read as only referring to the "hostname:port..." line.
That would seem oddly specific and easily falsifiable. Which is probably why no one else has pointed out the odd wording. They actually try the generalization and it works.
But I agree the docs could use some improvement.
> Since postgresql.conf and pg_hba.conf (I don't use pg_ident.conf) allow trailing comments, it seems reasonable that .pgpass should too, for consistency.
Reasonable but probably not worth the hassle to figure out the details. Though I’d be tempted to formalize the existing behavior and just add an optional field after password to hold a description. If we do ever extend off the end to specify yet more fields we’d make all the preceding optional fields mandatory.
> Escapes. It escapes ":" and "\", so should be able to escape "#".
Frankly it probably shouldn’t escape anything in the password field, including colons. But since that ship has sailed, see the preceding idea.
David J.
On Mon, May 20, 2024 at 11:04 PM David G. Johnston <david.g.johnston@gmail.com> wrote:
[snip]
> That would seem oddly specific and easily falsifiable. Which is probably why no one else has pointed out the odd wording.
Or people grumble silently.
> Reasonable but probably not worth the hassle to figure out the details. Though I’d be tempted to formalize the existing behavior and just add an optional field after password to hold a description. If we do ever extend off the end to specify yet more fields we’d make all the preceding optional fields mandatory.
I like that idea.