
openerp-india team mailing list archive

[Bug 1124440] Re: Dumping/restoring databases prompts for password via server console

 

** Changed in: openobject-server
   Importance: Undecided => Medium

** Changed in: openobject-server
       Status: New => Confirmed

** Changed in: openobject-server
     Assignee: (unassigned) => OpenERP's Framework R&D (openerp-dev-framework)

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1124440

Title:
  Dumping/restoring databases prompts for password via server console

Status in OpenERP Server:
  Confirmed

Bug description:
  When postgres is configured to access a database via TCP and not a
  local Unix socket, the user is prompted for a password via the server
  console when dumping or restoring databases from the web interface.

  The relevant code lives in openerp/service/web_services.py. Revision
  4424 refactored the code that sets PGPASSWORD; the current
  implementation sets this environment variable only on Windows
  machines.

  The previous code block included comments with a "FIXME" suggesting
  that setting the PGPASSWORD environment variable was not particularly
  secure on Unix machines, particularly for SaaS boxes. It is possible
  that alternate postgres configurations can authenticate the openerp
  user without a password even over TCP. (A .pgpass file should work for
  this, but is not automatically created by OpenERP.) However, this bug
  is still a regression from 6.1.

  I propose two possible solutions:

  1. Give the pg_dump and pg_restore commands the "--no-password" flag
  to prevent them from waiting for input at the server console. Both
  commands will work if there is a passwordless method of authentication
  available, but will fail immediately if not. This prevents the "Still
  loading" screen from displaying on the frontend until the password
  dialog times out at the console.

  2. In addition to the above, re-enable setting the PGPASSWORD
  environment variable on Unix systems.

  I am happy to provide a patch for either solution, but I am not sure
  whether re-enabling the PGPASSWORD functionality on Unix systems is a
  good idea.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1124440/+subscriptions

