openerp-india team mailing list archive
Message #23466
[Bug 1124440] Re: Dumping/restoring databases prompts for password via server console
** Description changed:
When postgres is configured to access a database via TCP and not a local
Unix socket, the user is prompted for a password via the server console
when dumping or restoring databases from the web interface.
The relevant code lives in openerp/service/web_services.py. Revision
4424 refactored the code that sets PGPASSWORD; the current
implementation sets this environment variable only on Windows machines.
The previous code block included comments with a "FIXME" suggesting that
setting the PGPASSWORD environment variable was not particularly secure
on Unix machines, particularly for SaaS boxes. It is possible that
alternate postgres configurations can authenticate the openerp user
- without a password even over TCP. However, this bug is still a
- regression from 6.1.
+ without a password even over TCP. (A .pgpass file should work for this,
+ but is not automatically created by OpenERP.) However, this bug is still
+ a regression from 6.1.
I propose two possible solutions:
1. Give the pg_dump and pg_restore commands the "--no-password" flag to
prevent them from waiting for input at the server console. Both commands
will work if there is a passwordless method of authentication available,
but will fail immediately if not. This prevents the "Still loading"
screen from displaying on the frontend until the password dialog times
out at the console.
2. In addition to the above, re-enable setting the PGPASSWORD
environment variable on Unix systems.
I am happy to provide a patch for either solution, but I am not sure
whether re-enabling the PGPASSWORD functionality on Unix systems is a
good idea.
--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1124440
Title:
Dumping/restoring databases prompts for password via server console
Status in OpenERP Server:
New
Bug description:

When postgres is configured to access a database via TCP and not a
local Unix socket, the user is prompted for a password via the server
console when dumping or restoring databases from the web interface.

The relevant code lives in openerp/service/web_services.py. Revision
4424 refactored the code that sets PGPASSWORD; the current
implementation sets this environment variable only on Windows
machines.

The previous code block included comments with a "FIXME" suggesting
that setting the PGPASSWORD environment variable was not particularly
secure on Unix machines, particularly for SaaS boxes. It is possible
that alternate postgres configurations can authenticate the openerp
user without a password even over TCP. (A .pgpass file should work for
this, but is not automatically created by OpenERP.) However, this bug
is still a regression from 6.1.

I propose two possible solutions:

1. Give the pg_dump and pg_restore commands the "--no-password" flag
to prevent them from waiting for input at the server console. Both
commands will work if there is a passwordless method of authentication
available, but will fail immediately if not. This prevents the "Still
loading" screen from displaying on the frontend until the password
dialog times out at the console.

2. In addition to the above, re-enable setting the PGPASSWORD
environment variable on Unix systems.

I am happy to provide a patch for either solution, but I am not sure
whether re-enabling the PGPASSWORD functionality on Unix systems is a
good idea.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1124440/+subscriptions
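Added example, not part of the original bug report and not OpenERP's code: a sketch of the "--no-password" proposal combined with the .pgpass route the report mentions, using a private temporary password file passed through libpq's PGPASSFILE variable instead of PGPASSWORD. The function names and the sample host and credentials in any call are hypothetical.

```python
import os
import subprocess
import tempfile


def pgpass_line(host, port, dbname, user, password):
    """Format one .pgpass entry; ':' and '\\' inside a field are backslash-escaped."""
    def esc(value):
        return str(value).replace("\\", "\\\\").replace(":", "\\:")
    return ":".join(esc(f) for f in (host, port, dbname, user, password))


def write_private_pgpass(line, directory=None):
    """Write the entry to a fresh owner-only file (libpq ignores password
    files that are group- or world-accessible)."""
    fd, path = tempfile.mkstemp(prefix="pgpass-", dir=directory)  # created 0600
    with os.fdopen(fd, "w") as handle:
        handle.write(line + "\n")
    return path


def dump_invocation(host, port, dbname, user, pgpass_path, base_env=None):
    """Return (argv, env) for a pg_dump that never prompts on the console."""
    env = dict(os.environ if base_env is None else base_env)
    env.pop("PGPASSWORD", None)       # do not pass the secret in the environment
    env["PGPASSFILE"] = pgpass_path   # libpq reads the password from this file
    argv = ["pg_dump", "--no-password", "--format=c",
            "--host", host, "--port", str(port), "--username", user, dbname]
    return argv, env


def dump_database(host, port, dbname, user, password, out_path):
    """Run the dump; it fails at once if no non-interactive authentication works."""
    pgpass = write_private_pgpass(pgpass_line(host, port, dbname, user, password))
    try:
        argv, env = dump_invocation(host, port, dbname, user, pgpass)
        with open(out_path, "wb") as out:
            # stdin is closed as well, so nothing can wait on the server console.
            return subprocess.call(argv, env=env,
                                   stdin=subprocess.DEVNULL, stdout=out)
    finally:
        os.remove(pgpass)             # the secret does not outlive the dump
```

A non-zero return code from dump_database is the immediate failure the report describes for servers with no passwordless authentication available.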