unofficial mirror of help-gnu-emacs@gnu.org
 help / color / mirror / Atom feed
* sql-mode password display
@ 2005-03-02 16:57 rb
  2005-03-02 18:31 ` Kevin Rodgers
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: rb @ 2005-03-02 16:57 UTC (permalink / raw)


When I use sql mode:

M-x sql-msql, then follow prompts, 

I get the interactive sql buffer which works very well for me. The only
problem is that when I list the processes, the mysql process shows my
password, and I would like to know if there is something I can do to
conceal it?

rb@antonio 102% ps -ef | grep sql
      rb      29562      29372  0 08:44:27 pts/4   0:00 grep sql
      rb      29717      15897  0 08:43:34 pts/8   0:00
      /usr/freeware/bin/mysql --user=rb --password=my_password
      --host=sanmarco test

I was trying to find wheter there was a customizable variable to
conceal/display password and with M-x customize-apropos, I discovered
that the password was displayed in the customization buffer as well:

Sql Password: Hide my_password
   State: this option has been changed outside the customize buffer.
Default password. More
Parent groups: Sql

If I start an ineractive mysql session at the command line in an xwsh
shell, I get the following (password not displayed):

rb@antonio 101% ps -ef | grep sql
      rb      29598      29535  0 08:31:14 pts/6   0:00 mysql -h
      sanmarco -u rb -p test

Also, working in shell-mode within emacs, to process a batch file, my
password is displayed in the *shell* buffer, and is retained in the
command history list.

>From Emacs shell buffer:

rb@antonio 98% mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
Enter password: my_password

Within the shell, any other commands requiring a password (ssh, rlogin,
su, etc), the password is properly not displayed.

This is GNU Emacs 21.3.1. Thank you, sorry if there's an obvious or
known solution...

rb
-- 

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: sql-mode password display
  2005-03-02 16:57 sql-mode password display rb
@ 2005-03-02 18:31 ` Kevin Rodgers
  2005-03-02 20:35   ` rb
  2005-03-03 20:51 ` Michael Mauger
       [not found] ` <mailman.2522.1109885280.32256.help-gnu-emacs@gnu.org>
  2 siblings, 1 reply; 6+ messages in thread
From: Kevin Rodgers @ 2005-03-02 18:31 UTC (permalink / raw)


rb wrote:
 > When I use sql mode:
 >
 > M-x sql-mysql, then follow prompts,
 >
 > I get the interactive sql buffer which works very well for me. The only
 > problem is that when I list the processes, the mysql process shows my
 > password, and I would like to know if there is something I can do to
 > conceal it?
 >
 > rb@antonio 102% ps -ef | grep sql
 >       rb      29562      29372  0 08:44:27 pts/4   0:00 grep sql
 >       rb      29717      15897  0 08:43:34 pts/8   0:00
 >       /usr/freeware/bin/mysql --user=rb --password=my_password
 >       --host=sanmarco test

What happens if you don't enter your password when prompted by M-x
sql-mysql, i.e. just type RET?

 > I was trying to find wheter there was a customizable variable to
 > conceal/display password and with M-x customize-apropos, I discovered
 > that the password was displayed in the customization buffer as well:
 >
 > Sql Password: Hide my_password
 >    State: this option has been changed outside the customize buffer.
 > Default password. More
 > Parent groups: Sql

,----[ C-h v sql-password RET ]
| sql-password's value is ""
|
| Documentation:
| *Default password.
|
| Storing your password in a textfile such as ~/.emacs could be dangerous.
| Customizing your password will store it in your ~/.emacs file.
|
| You can customize this variable.
|
| Defined in `sql'.
`----

sql-password was changed outside of Customize by sql-get-login.  But if
you just respond with RET it will remain "".

 > If I start an ineractive mysql session at the command line in an xwsh
 > shell, I get the following (password not displayed):
 >
 > rb@antonio 101% ps -ef | grep sql
 >       rb      29598      29535  0 08:31:14 pts/6   0:00 mysql -h
 >       sanmarco -u rb -p test
 >
 > Also, working in shell-mode within emacs, to process a batch file, my
 > password is displayed in the *shell* buffer, and is retained in the
 > command history list.
 >
 > From Emacs shell buffer:
 >
 > rb@antonio 98% mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
 > mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
 > Enter password: my_password
 >
 > Within the shell, any other commands requiring a password (ssh, rlogin,
 > su, etc), the password is properly not displayed.

,----[ C-h v comint-password-prompt-regexp RET ]
| comint-password-prompt-regexp's value is
| "\\(\\([Oo]ld \\|[Nn]ew \\|'s \\|login \\|Kerberos \\|CVS \\|UNIX \\| 
SMB \\|^\\)[Pp]assword\\( (again)\\)?\\|pass 
phrase\\|\\(Enter\\|Repeat\\) passphrase\\)\\( for [^:]+\\)?:\\s *\\'"
|
| Documentation:
| *Regexp matching prompts for passwords in the inferior process.
| This is used by `comint-watch-for-password-prompt'.
|
| You can customize this variable.
|
| Defined in `comint'.
`----

M-: (string-match comint-password-prompt-regexp "Enter password: ") RET
returns nil, so I would try

(setq comint-password-prompt-regexp
       "\\(\\([Oo]ld \\|[Nn]ew \\|'s \\|login \\|Kerberos \\|CVS \\|UNIX 
\\| SMB \\|^\\)[Pp]assword\\( (again)\\)?\\|pass 
phrase\\|\\(Enter\\|Repeat\\) pass ?\\(word\\|phrase\\)\\)\\( for 
[^:]+\\)?:\\s *\\'")

-- 
Kevin Rodgers

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: sql-mode password display
  2005-03-02 18:31 ` Kevin Rodgers
@ 2005-03-02 20:35   ` rb
  2005-03-03 19:42     ` Kevin Rodgers
  0 siblings, 1 reply; 6+ messages in thread
From: rb @ 2005-03-02 20:35 UTC (permalink / raw)


Kevin Rodgers <ihs_4664@yahoo.com> writes:

> rb wrote:
>  > When I use sql mode:
>  >
>  > M-x sql-mysql, then follow prompts,
>  >
>  > I get the interactive sql buffer which works very well for me. The only
>  > problem is that when I list the processes, the mysql process shows my
>  > password, and I would like to know if there is something I can do to
>  > conceal it?
>  >
>  > rb@antonio 102% ps -ef | grep sql
>  >       rb      29562      29372  0 08:44:27 pts/4   0:00 grep sql
>  >       rb      29717      15897  0 08:43:34 pts/8   0:00
>  >       /usr/freeware/bin/mysql --user=rb --password=my_password
>  >       --host=sanmarco test
> 
> What happens if you don't enter your password when prompted by M-x
> sql-mysql, i.e. just type RET?

Thank you for the suggestion,

Without password, the server rejects the connection attempt - it is
configured to require passwords.

[...]

> M-: (string-match comint-password-prompt-regexp "Enter password: ") RET
> returns nil, so I would try
> 
> (setq comint-password-prompt-regexp
>        "\\(\\([Oo]ld \\|[Nn]ew \\|'s \\|login \\|Kerberos \\|CVS
> \\|UNIX \\| SMB \\|^\\)[Pp]assword\\( (again)\\)?\\|pass
> phrase\\|\\(Enter\\|Repeat\\) pass ?\\(word\\|phrase\\)\\)\\( for
> [^:]+\\)?:\\s *\\'")

that is what the value of comint-password-prompt-regexp already is, as
mentioned:

>  > Within the shell, any other commands requiring a password (ssh, rlogin,
>  > su, etc), the password is [properly] not displayed.

sorry, if that wasn't said clearly.

rb
-- 

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: sql-mode password display
  2005-03-02 20:35   ` rb
@ 2005-03-03 19:42     ` Kevin Rodgers
  0 siblings, 0 replies; 6+ messages in thread
From: Kevin Rodgers @ 2005-03-03 19:42 UTC (permalink / raw)


rb wrote:
 > Kevin Rodgers <ihs_4664@yahoo.com> writes:
 >>What happens if you don't enter your password when prompted by M-x
 >>sql-mysql, i.e. just type RET?
 >
 > Thank you for the suggestion,
 >
 > Without password, the server rejects the connection attempt - it is
 > configured to require passwords.

I was hoping it would prompt you and comint would DTRT.

 >>M-: (string-match comint-password-prompt-regexp "Enter password: ") RET
 >>returns nil, so I would try
 >>
 >>(setq comint-password-prompt-regexp
 >>       "\\(\\([Oo]ld \\|[Nn]ew \\|'s \\|login \\|Kerberos \\|CVS
 >>\\|UNIX \\| SMB \\|^\\)[Pp]assword\\( (again)\\)?\\|pass
 >>phrase\\|\\(Enter\\|Repeat\\) pass ?\\(word\\|phrase\\)\\)\\( for
 >>[^:]+\\)?:\\s *\\'")
 >
 > that is what the value of comint-password-prompt-regexp already is, as
 > mentioned:

Not in Emacs 21.3, where its default value fails the test that I
mentioned:

 >>M-: (string-match comint-password-prompt-regexp "Enter password: ") RET

But changing its value as above causes that test to succeed.

 >> > Within the shell, any other commands requiring a password (ssh, 
rlogin,
 >> > su, etc), the password is [properly] not displayed.

I know.  That's because their password prompts satisfy the string-match
test above, so when comint-watch-for-password-prompt is called via
comint-output-filter-functions it sends your password to the sql process
without echoing it in the buffer.

-- 
Kevin Rodgers

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: sql-mode password display
  2005-03-02 16:57 sql-mode password display rb
  2005-03-02 18:31 ` Kevin Rodgers
@ 2005-03-03 20:51 ` Michael Mauger
       [not found] ` <mailman.2522.1109885280.32256.help-gnu-emacs@gnu.org>
  2 siblings, 0 replies; 6+ messages in thread
From: Michael Mauger @ 2005-03-03 20:51 UTC (permalink / raw)


rb writes:
> 
> When I use sql mode:
> 

I'm the current maintainer of sql-mode.  I'll assume that you are using
the latest version of sql.el (available at http://savannah.gnu.org/cgi-
bin/viewcvs/emacs/emacs/lisp/progmodes/sql.el).  Prior versions were
similar so most of this will apply.

> M-x sql-msql, then follow prompts, 
> 
> I get the interactive sql buffer which works very well for me. The only
> problem is that when I list the processes, the mysql process shows my
> password, and I would like to know if there is something I can do to
> conceal it?
> 
> rb <at> antonio 102% ps -ef | grep sql
>       rb      29562      29372  0 08:44:27 pts/4   0:00 grep sql
>       rb      29717      15897  0 08:43:34 pts/8   0:00
>       /usr/freeware/bin/mysql --user=rb --password=my_password
>       --host=sanmarco test
> 
> I was trying to find wheter there was a customizable variable to
> conceal/display password and with M-x customize-apropos, I discovered
> that the password was displayed in the customization buffer as well:
> 

The problem here is that mysql accepts the password as a 
command line parameter and the `ps' shows all command line
parameters.  

The alternative is to use the `--password' (or `-p') option without a 
value and allow `mysql' to prompt you for it.  The current version
omits the `--password' option entirely if `sql-password' is an empty
string.

Take a look at the function `sql-connect-mysql' (or `sql-mysql' in
older versions).  There is a chunk of code like this:

   (if (not (string= "" sql-password))
       (setq params (append (list (concat "--password=" sql-password)) params)))

Try changing it to:

   (if (not (string= "" sql-password))
       (setq params (append (list (concat "--password=" sql-password)) params))
     (setq params (append '("--password") params)))

and remove your sql-password customization.  You will now be required 
to enter your password each time you start sql-mysql.

I don't use mysql at all so I'm not sure if this is globally appropriate.
Is it possible to connect to mysql without a password at all?  Do we need
to distinguish between prompt me for a password and there is no password?

> Sql Password: Hide my_password
>    State: this option has been changed outside the customize buffer.
> Default password. More
> Parent groups: Sql
> 

Having the password visible in custom is not something that can be 
controlled (that I know of...).  With the above change, obviously 
this becomes moot.

> If I start an ineractive mysql session at the command line in an xwsh
> shell, I get the following (password not displayed):
> 
> rb <at> antonio 101% ps -ef | grep sql
>       rb      29598      29535  0 08:31:14 pts/6   0:00 mysql -h
>       sanmarco -u rb -p test
> 
> Also, working in shell-mode within emacs, to process a batch file, my
> password is displayed in the *shell* buffer, and is retained in the
> command history list.
> 
> >From Emacs shell buffer:
> 
> rb <at> antonio 98% mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
> mysql -vv -h sanmarco -u rb -p < dbs.sql > dbs.out0222
> Enter password: my_password
> 
> Within the shell, any other commands requiring a password (ssh, rlogin,
> su, etc), the password is properly not displayed.
> 

If you modify sql.el as described above, sql-interactive-mode should
capture the password prompt and ask for your password in the minibuffer.

> This is GNU Emacs 21.3.1. Thank you, sorry if there's an obvious or
> known solution...
> 
> rb

I hope this helps.  Let me know how it turns out.  If you have any other 
suggestions concerning mysql support please send them along.

-- Michael Mauger
(Please CC: mmaug <at> yahoo <dot> com because I don't follow this 
list carefully...)

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: sql-mode password display
       [not found] ` <mailman.2522.1109885280.32256.help-gnu-emacs@gnu.org>
@ 2005-03-03 23:15   ` rb
  0 siblings, 0 replies; 6+ messages in thread
From: rb @ 2005-03-03 23:15 UTC (permalink / raw)
  Cc: help-gnu-emacs

Michael Mauger <mmaug@yahoo.com> writes:

> rb writes:
> > 
> > When I use sql mode:
> > 
> 
> I'm the current maintainer of sql-mode.  I'll assume that you are using
> the latest version of sql.el (available at http://savannah.gnu.org/cgi-
> bin/viewcvs/emacs/emacs/lisp/progmodes/sql.el).  Prior versions were
> similar so most of this will apply.

I'm not sure of the version I have been using, it's byte-compiled as
part of my emacs distribution, but I downloaded the latest version per
your indications, and the problems persist.

[...]

> The alternative is to use the `--password' (or `-p') option without a 
> value and allow `mysql' to prompt you for it.  The current version
> omits the `--password' option entirely if `sql-password' is an empty
> string.
> 
> Take a look at the function `sql-connect-mysql' (or `sql-mysql' in
> older versions).  There is a chunk of code like this:
> 
>    (if (not (string= "" sql-password))
>        (setq params (append (list (concat "--password=" sql-password)) params)))
> 
> Try changing it to:
> 
>    (if (not (string= "" sql-password))
>        (setq params (append (list (concat "--password=" sql-password)) params))
>      (setq params (append '("--password") params)))
> 
> and remove your sql-password customization.  You will now be required 
> to enter your password each time you start sql-mysql.

I modified the code per your instructions, but one thing which I may
have failed to make clear in my previous post is that I do (already)
enter the password each time I connect. I do not have the password
stored in my .emacs or any other location, and I don't have that
variable set normally.

I also may have not made clear that the password shows up in the
Customization buffer (or that varaiable is set) only once I have
started an sql-mysql session.

> I don't use mysql at all so I'm not sure if this is globally
> appropriate.  Is it possible to connect to mysql without a password at
> all?  Do we need to distinguish between prompt me for a password and
> there is no password?

It is possible to set mysql to accept connections without a password,
but it seems worse to allow universal access to the mysql server than to
allow for the possiblilty that someone could find my password.

[...]

> If you modify sql.el as described above, sql-interactive-mode should
> capture the password prompt and ask for your password in the minibuffer.

As I mentioned, that's how I do connect now.

[...]

> I hope this helps.  Let me know how it turns out.  If you have any other 
> suggestions concerning mysql support please send them along.

Thank you very much for your help. As I said in my first post, I find
the sql mode and the interactive sql connection to be very, very useful,
so thank you for that.

rb
-- 

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2005-03-03 23:15 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-03-02 16:57 sql-mode password display rb
2005-03-02 18:31 ` Kevin Rodgers
2005-03-02 20:35   ` rb
2005-03-03 19:42     ` Kevin Rodgers
2005-03-03 20:51 ` Michael Mauger
     [not found] ` <mailman.2522.1109885280.32256.help-gnu-emacs@gnu.org>
2005-03-03 23:15   ` rb

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).