Opened 5 years ago

Last modified 21 months ago

#2628 new defect

db.login does not ask for password as PostgreSQL database driver manual page says

Reported by: wenzeslaus Owned by: grass-dev@…
Priority: normal Milestone: 7.2.4
Component: Database Version: svn-trunk
Keywords: db.login, postgres Cc:
CPU: Unspecified Platform: Linux

Description

The PostgreSQL DATABASE DRIVER manual page (http://grass.osgeo.org/grass70/manuals/grass-pg.html) says:

# example for connecting to a PostgreSQL server:
db.connect driver=pg database="host=myserver.osgeo.org,dbname=mydb"
# password is asked interactively if not specified:
db.login user=myname [pass=secret]
db.connect -p
db.tables -p

I noticed:

# password is asked interactively if not specified:

So I tried:

db.login user=docker

But then I got:

> db.connect -p
driver: pg
database: host=localhost,port=25432,dbname=gis
schema: 
group: 
> db.tables -p
DBMI-PostgreSQL driver error:
Connection failed.
fe_sendauth: no password supplied

DBMI-PostgreSQL driver error:
Connection failed.
fe_sendauth: no password supplied

I was not prompted for the password at any point. So it seems that either the manual page is wrong or db.connect does not work as expected.

I think that I actually got the db.tables error message ("no password supplied") twice as presented above.

Setting the password in command line works (but of course exposes the password in the bash history file).

I don't think this is related to #2626 or #2627. I don't know if it is related to #1951.

By the way, PostgreSQL DATABASE DRIVER title should be probably changed to PostgreSQL database driver (better typography, no reason for all uppercase).

Change History (8)

comment:1 Changed 5 years ago by martinl

Keywords: db.login added

comment:2 in reply to:  description Changed 5 years ago by neteler

Replying to wenzeslaus: ...

I was not prompted for the password at any point. So it seems that either the manual page is wrong or db.connect does not work as expected.

The interactive password prompting was removed in r32551. See also comment:6:ticket:1951

I think that I actually got the db.tables error message ("no password supplied") twice as presented above.

Setting the password in command line works (but of course exposes the password in the bash history file).

... a major security flaw.

I don't think this is related to #2626 or #2627. I don't know if it is related to #1951.

By the way, PostgreSQL DATABASE DRIVER title should be probably changed to PostgreSQL database driver (better typography, no reason for all uppercase).

(Not sure where that is but please just fix it).

BTW: see also #2147

comment:3 Changed 4 years ago by neteler

Milestone: 7.1.07.2.0

Milestone renamed

comment:4 Changed 3 years ago by neteler

Milestone: 7.2.07.2.1

Ticket retargeted after milestone closed

comment:5 Changed 3 years ago by martinl

Milestone: 7.2.17.2.2

comment:6 Changed 2 years ago by neteler

Milestone: 7.2.27.2.3

Ticket retargeted after milestone closed

comment:7 Changed 21 months ago by martinl

Milestone: 7.2.3

Ticket retargeted after milestone closed

comment:8 Changed 21 months ago by martinl

Milestone: 7.2.4
Note: See TracTickets for help on using tickets.