* sql-mode password display
@ 2005-03-02 16:57 rb
2005-03-02 18:31 ` Kevin Rodgers
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: rb @ 2005-03-02 16:57 UTC (permalink / raw)
When I use sql mode:
M-x sql-msql, then follow prompts,
I get the interactive sql buffer which works very well for me. The only
problem is that when I list the processes, the mysql process shows my
password, and I would like to know if there is something I can do to
conceal it?
rb@antonio 102% ps -ef | grep sql
rb 29562 29372 0 08:44:27 pts/4 0:00 grep sql
rb 29717 15897 0 08:43:34 pts/8 0:00
/usr/freeware/bin/mysql --user=rb --password=my_password
--host=sanmarco test
I was trying to find wheter there was a customizable variable to
conceal/display password and with M-x customize-apropos, I discovered
that the password was displayed in the customization buffer as well:
Sql Password: Hide my_password
State: this option has been changed outside the customize buffer.
Default password. More
Parent groups: Sql
If I start an ineractive mysql session at the command line in an xwsh
shell, I get the following (password not displayed):
rb@antonio 101% ps -ef | grep sql
rb 29598 29535 0 08:31:14 pts/6 0:00 mysql -h
sanmarco -u rb -p test
Also, working in shell-mode within emacs, to process a batch file, my
password is displayed in the *shell* buffer, and is retained in the
command history list.
>From Emacs shell buffer:
rb@antonio 98% mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
Enter password: my_password
Within the shell, any other commands requiring a password (ssh, rlogin,
su, etc), the password is properly not displayed.
This is GNU Emacs 21.3.1. Thank you, sorry if there's an obvious or
known solution...
rb
--
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: sql-mode password display
2005-03-02 16:57 sql-mode password display rb
@ 2005-03-02 18:31 ` Kevin Rodgers
2005-03-02 20:35 ` rb
2005-03-03 20:51 ` Michael Mauger
[not found] ` <mailman.2522.1109885280.32256.help-gnu-emacs@gnu.org>
2 siblings, 1 reply; 6+ messages in thread
From: Kevin Rodgers @ 2005-03-02 18:31 UTC (permalink / raw)
rb wrote:
> When I use sql mode:
>
> M-x sql-mysql, then follow prompts,
>
> I get the interactive sql buffer which works very well for me. The only
> problem is that when I list the processes, the mysql process shows my
> password, and I would like to know if there is something I can do to
> conceal it?
>
> rb@antonio 102% ps -ef | grep sql
> rb 29562 29372 0 08:44:27 pts/4 0:00 grep sql
> rb 29717 15897 0 08:43:34 pts/8 0:00
> /usr/freeware/bin/mysql --user=rb --password=my_password
> --host=sanmarco test
What happens if you don't enter your password when prompted by M-x
sql-mysql, i.e. just type RET?
> I was trying to find wheter there was a customizable variable to
> conceal/display password and with M-x customize-apropos, I discovered
> that the password was displayed in the customization buffer as well:
>
> Sql Password: Hide my_password
> State: this option has been changed outside the customize buffer.
> Default password. More
> Parent groups: Sql
,----[ C-h v sql-password RET ]
| sql-password's value is ""
|
| Documentation:
| *Default password.
|
| Storing your password in a textfile such as ~/.emacs could be dangerous.
| Customizing your password will store it in your ~/.emacs file.
|
| You can customize this variable.
|
| Defined in `sql'.
`----
sql-password was changed outside of Customize by sql-get-login. But if
you just respond with RET it will remain "".
> If I start an ineractive mysql session at the command line in an xwsh
> shell, I get the following (password not displayed):
>
> rb@antonio 101% ps -ef | grep sql
> rb 29598 29535 0 08:31:14 pts/6 0:00 mysql -h
> sanmarco -u rb -p test
>
> Also, working in shell-mode within emacs, to process a batch file, my
> password is displayed in the *shell* buffer, and is retained in the
> command history list.
>
> From Emacs shell buffer:
>
> rb@antonio 98% mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
> mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
> Enter password: my_password
>
> Within the shell, any other commands requiring a password (ssh, rlogin,
> su, etc), the password is properly not displayed.
,----[ C-h v comint-password-prompt-regexp RET ]
| comint-password-prompt-regexp's value is
| "\\(\\([Oo]ld \\|[Nn]ew \\|'s \\|login \\|Kerberos \\|CVS \\|UNIX \\|
SMB \\|^\\)[Pp]assword\\( (again)\\)?\\|pass
phrase\\|\\(Enter\\|Repeat\\) passphrase\\)\\( for [^:]+\\)?:\\s *\\'"
|
| Documentation:
| *Regexp matching prompts for passwords in the inferior process.
| This is used by `comint-watch-for-password-prompt'.
|
| You can customize this variable.
|
| Defined in `comint'.
`----
M-: (string-match comint-password-prompt-regexp "Enter password: ") RET
returns nil, so I would try
(setq comint-password-prompt-regexp
"\\(\\([Oo]ld \\|[Nn]ew \\|'s \\|login \\|Kerberos \\|CVS \\|UNIX
\\| SMB \\|^\\)[Pp]assword\\( (again)\\)?\\|pass
phrase\\|\\(Enter\\|Repeat\\) pass ?\\(word\\|phrase\\)\\)\\( for
[^:]+\\)?:\\s *\\'")
--
Kevin Rodgers
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: sql-mode password display
2005-03-02 18:31 ` Kevin Rodgers
@ 2005-03-02 20:35 ` rb
2005-03-03 19:42 ` Kevin Rodgers
0 siblings, 1 reply; 6+ messages in thread
From: rb @ 2005-03-02 20:35 UTC (permalink / raw)
Kevin Rodgers <ihs_4664@yahoo.com> writes:
> rb wrote:
> > When I use sql mode:
> >
> > M-x sql-mysql, then follow prompts,
> >
> > I get the interactive sql buffer which works very well for me. The only
> > problem is that when I list the processes, the mysql process shows my
> > password, and I would like to know if there is something I can do to
> > conceal it?
> >
> > rb@antonio 102% ps -ef | grep sql
> > rb 29562 29372 0 08:44:27 pts/4 0:00 grep sql
> > rb 29717 15897 0 08:43:34 pts/8 0:00
> > /usr/freeware/bin/mysql --user=rb --password=my_password
> > --host=sanmarco test
>
> What happens if you don't enter your password when prompted by M-x
> sql-mysql, i.e. just type RET?
Thank you for the suggestion,
Without password, the server rejects the connection attempt - it is
configured to require passwords.
[...]
> M-: (string-match comint-password-prompt-regexp "Enter password: ") RET
> returns nil, so I would try
>
> (setq comint-password-prompt-regexp
> "\\(\\([Oo]ld \\|[Nn]ew \\|'s \\|login \\|Kerberos \\|CVS
> \\|UNIX \\| SMB \\|^\\)[Pp]assword\\( (again)\\)?\\|pass
> phrase\\|\\(Enter\\|Repeat\\) pass ?\\(word\\|phrase\\)\\)\\( for
> [^:]+\\)?:\\s *\\'")
that is what the value of comint-password-prompt-regexp already is, as
mentioned:
> > Within the shell, any other commands requiring a password (ssh, rlogin,
> > su, etc), the password is [properly] not displayed.
sorry, if that wasn't said clearly.
rb
--
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: sql-mode password display
2005-03-02 20:35 ` rb
@ 2005-03-03 19:42 ` Kevin Rodgers
0 siblings, 0 replies; 6+ messages in thread
From: Kevin Rodgers @ 2005-03-03 19:42 UTC (permalink / raw)
rb wrote:
> Kevin Rodgers <ihs_4664@yahoo.com> writes:
>>What happens if you don't enter your password when prompted by M-x
>>sql-mysql, i.e. just type RET?
>
> Thank you for the suggestion,
>
> Without password, the server rejects the connection attempt - it is
> configured to require passwords.
I was hoping it would prompt you and comint would DTRT.
>>M-: (string-match comint-password-prompt-regexp "Enter password: ") RET
>>returns nil, so I would try
>>
>>(setq comint-password-prompt-regexp
>> "\\(\\([Oo]ld \\|[Nn]ew \\|'s \\|login \\|Kerberos \\|CVS
>>\\|UNIX \\| SMB \\|^\\)[Pp]assword\\( (again)\\)?\\|pass
>>phrase\\|\\(Enter\\|Repeat\\) pass ?\\(word\\|phrase\\)\\)\\( for
>>[^:]+\\)?:\\s *\\'")
>
> that is what the value of comint-password-prompt-regexp already is, as
> mentioned:
Not in Emacs 21.3, where its default value fails the test that I
mentioned:
>>M-: (string-match comint-password-prompt-regexp "Enter password: ") RET
But changing its value as above causes that test to succeed.
>> > Within the shell, any other commands requiring a password (ssh,
rlogin,
>> > su, etc), the password is [properly] not displayed.
I know. That's because their password prompts satisfy the string-match
test above, so when comint-watch-for-password-prompt is called via
comint-output-filter-functions it sends your password to the sql process
without echoing it in the buffer.
--
Kevin Rodgers
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: sql-mode password display
2005-03-02 16:57 sql-mode password display rb
2005-03-02 18:31 ` Kevin Rodgers
@ 2005-03-03 20:51 ` Michael Mauger
[not found] ` <mailman.2522.1109885280.32256.help-gnu-emacs@gnu.org>
2 siblings, 0 replies; 6+ messages in thread
From: Michael Mauger @ 2005-03-03 20:51 UTC (permalink / raw)
rb writes:
>
> When I use sql mode:
>
I'm the current maintainer of sql-mode. I'll assume that you are using
the latest version of sql.el (available at http://savannah.gnu.org/cgi-
bin/viewcvs/emacs/emacs/lisp/progmodes/sql.el). Prior versions were
similar so most of this will apply.
> M-x sql-msql, then follow prompts,
>
> I get the interactive sql buffer which works very well for me. The only
> problem is that when I list the processes, the mysql process shows my
> password, and I would like to know if there is something I can do to
> conceal it?
>
> rb <at> antonio 102% ps -ef | grep sql
> rb 29562 29372 0 08:44:27 pts/4 0:00 grep sql
> rb 29717 15897 0 08:43:34 pts/8 0:00
> /usr/freeware/bin/mysql --user=rb --password=my_password
> --host=sanmarco test
>
> I was trying to find wheter there was a customizable variable to
> conceal/display password and with M-x customize-apropos, I discovered
> that the password was displayed in the customization buffer as well:
>
The problem here is that mysql accepts the password as a
command line parameter and the `ps' shows all command line
parameters.
The alternative is to use the `--password' (or `-p') option without a
value and allow `mysql' to prompt you for it. The current version
omits the `--password' option entirely if `sql-password' is an empty
string.
Take a look at the function `sql-connect-mysql' (or `sql-mysql' in
older versions). There is a chunk of code like this:
(if (not (string= "" sql-password))
(setq params (append (list (concat "--password=" sql-password)) params)))
Try changing it to:
(if (not (string= "" sql-password))
(setq params (append (list (concat "--password=" sql-password)) params))
(setq params (append '("--password") params)))
and remove your sql-password customization. You will now be required
to enter your password each time you start sql-mysql.
I don't use mysql at all so I'm not sure if this is globally appropriate.
Is it possible to connect to mysql without a password at all? Do we need
to distinguish between prompt me for a password and there is no password?
> Sql Password: Hide my_password
> State: this option has been changed outside the customize buffer.
> Default password. More
> Parent groups: Sql
>
Having the password visible in custom is not something that can be
controlled (that I know of...). With the above change, obviously
this becomes moot.
> If I start an ineractive mysql session at the command line in an xwsh
> shell, I get the following (password not displayed):
>
> rb <at> antonio 101% ps -ef | grep sql
> rb 29598 29535 0 08:31:14 pts/6 0:00 mysql -h
> sanmarco -u rb -p test
>
> Also, working in shell-mode within emacs, to process a batch file, my
> password is displayed in the *shell* buffer, and is retained in the
> command history list.
>
> >From Emacs shell buffer:
>
> rb <at> antonio 98% mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
> mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
> Enter password: my_password
>
> Within the shell, any other commands requiring a password (ssh, rlogin,
> su, etc), the password is properly not displayed.
>
If you modify sql.el as described above, sql-interactive-mode should
capture the password prompt and ask for your password in the minibuffer.
> This is GNU Emacs 21.3.1. Thank you, sorry if there's an obvious or
> known solution...
>
> rb
I hope this helps. Let me know how it turns out. If you have any other
suggestions concerning mysql support please send them along.
-- Michael Mauger
(Please CC: mmaug <at> yahoo <dot> com because I don't follow this
list carefully...)
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: sql-mode password display
[not found] ` <mailman.2522.1109885280.32256.help-gnu-emacs@gnu.org>
@ 2005-03-03 23:15 ` rb
0 siblings, 0 replies; 6+ messages in thread
From: rb @ 2005-03-03 23:15 UTC (permalink / raw)
Cc: help-gnu-emacs
Michael Mauger <mmaug@yahoo.com> writes:
> rb writes:
> >
> > When I use sql mode:
> >
>
> I'm the current maintainer of sql-mode. I'll assume that you are using
> the latest version of sql.el (available at http://savannah.gnu.org/cgi-
> bin/viewcvs/emacs/emacs/lisp/progmodes/sql.el). Prior versions were
> similar so most of this will apply.
I'm not sure of the version I have been using, it's byte-compiled as
part of my emacs distribution, but I downloaded the latest version per
your indications, and the problems persist.
[...]
> The alternative is to use the `--password' (or `-p') option without a
> value and allow `mysql' to prompt you for it. The current version
> omits the `--password' option entirely if `sql-password' is an empty
> string.
>
> Take a look at the function `sql-connect-mysql' (or `sql-mysql' in
> older versions). There is a chunk of code like this:
>
> (if (not (string= "" sql-password))
> (setq params (append (list (concat "--password=" sql-password)) params)))
>
> Try changing it to:
>
> (if (not (string= "" sql-password))
> (setq params (append (list (concat "--password=" sql-password)) params))
> (setq params (append '("--password") params)))
>
> and remove your sql-password customization. You will now be required
> to enter your password each time you start sql-mysql.
I modified the code per your instructions, but one thing which I may
have failed to make clear in my previous post is that I do (already)
enter the password each time I connect. I do not have the password
stored in my .emacs or any other location, and I don't have that
variable set normally.
I also may have not made clear that the password shows up in the
Customization buffer (or that varaiable is set) only once I have
started an sql-mysql session.
> I don't use mysql at all so I'm not sure if this is globally
> appropriate. Is it possible to connect to mysql without a password at
> all? Do we need to distinguish between prompt me for a password and
> there is no password?
It is possible to set mysql to accept connections without a password,
but it seems worse to allow universal access to the mysql server than to
allow for the possiblilty that someone could find my password.
[...]
> If you modify sql.el as described above, sql-interactive-mode should
> capture the password prompt and ask for your password in the minibuffer.
As I mentioned, that's how I do connect now.
[...]
> I hope this helps. Let me know how it turns out. If you have any other
> suggestions concerning mysql support please send them along.
Thank you very much for your help. As I said in my first post, I find
the sql mode and the interactive sql connection to be very, very useful,
so thank you for that.
rb
--
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2005-03-03 23:15 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-03-02 16:57 sql-mode password display rb
2005-03-02 18:31 ` Kevin Rodgers
2005-03-02 20:35 ` rb
2005-03-03 19:42 ` Kevin Rodgers
2005-03-03 20:51 ` Michael Mauger
[not found] ` <mailman.2522.1109885280.32256.help-gnu-emacs@gnu.org>
2005-03-03 23:15 ` rb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).