* sql and auth-source
@ 2020-11-26 12:46 Robert via Users list for the GNU Emacs text editor
2020-11-26 19:49 ` Filipp Gunbin
2020-11-27 1:58 ` Jean Louis
0 siblings, 2 replies; 5+ messages in thread
From: Robert via Users list for the GNU Emacs text editor @ 2020-11-26 12:46 UTC (permalink / raw)
To: help-gnu-emacs@gnu.org
Hello,
how to configure the sql mode to work with a wallet file?
A code example would be very helpful.
I found function sql-auth-source-search-wallet, but I don't know how to use it.
https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/progmodes/sql.el#n736
Help please.
--
Robert
* Re: sql and auth-source
2020-11-26 12:46 sql and auth-source Robert via Users list for the GNU Emacs text editor
@ 2020-11-26 19:49 ` Filipp Gunbin
2020-11-27 1:58 ` Jean Louis
1 sibling, 0 replies; 5+ messages in thread
From: Filipp Gunbin @ 2020-11-26 19:49 UTC (permalink / raw)
To: Robert via Users list for the GNU Emacs text editor; +Cc: Robert
On 26/11/2020 12:46 +0000, Robert via Users list for the GNU Emacs text editor wrote:
> Hello,
>
> how to configure the sql mode to work with a wallet file?
> A code example would be very helpful.
>
> I found function sql-auth-source-search-wallet, but I don't know how to use it.
> https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/progmodes/sql.el#n736
> Help please.
>
> --
> Robert
Generally, (setq sql-password-wallet '("~/my/sql-wallet.gpg")) should be
enough.
But, from what I recently found while investigating how it (not) works
for Postgres, I can tell the following:
The value of sql-password-search-wallet-function is used for searching,
it's usually the function sql-auth-source-search-wallet.
You can test whether it works (like, is able to decrypt gpg and parse) by
something like the following:
(sql-auth-source-search-wallet sql-password-wallet 'postgres "my_user" "localhost" "my_db" 5432)
BUT, sql-connect and friends will actually call the function in
sql-password-search-wallet-function only if sql-postgres-login-params
contains password login parameter, and it doesn't (this can be checked
with (sql-get-product-feature 'postgres :sqli-login)). This is because
the login function, sql-comint-postgres, does not make use of it.
So, for Postgres, this looks like it's yet to be implemented.
Nevertheless, I was able to at least make use of sql-wallet file to
auto-set sql-connection-alist with this code:
(defun fg-dotemacs-get-sql-connections (file)
  "Build `sql-connection-alist' entries from the netrc-style wallet FILE."
  (mapcar
   (lambda (alist)
     (let* ((machine (cdr (assoc "machine" alist)))
            (machine-list (split-string machine "/"))
            (host (nth 0 machine-list))
            (database (nth 1 machine-list))
            (name (cond ((string= host "localhost")
                         (concat "local-" database))
                        ((string-match-p "\\.prod$" host)
                         (concat "prod-" database))
                        ;; more rules...
                        (t
                         (concat host "-" database)))))
       `(,name
         (sql-product (quote ,(intern (cdr (assoc "product" alist)))))
         (sql-user ,(cdr (assoc "user" alist)))
         (sql-database ,database)
         (sql-server ,host)
         (sql-port ,(string-to-number (cdr (assoc "port" alist)))))))
   (auth-source-netrc-parse
    :file file :host t :port t :user t)))

(setq sql-connection-alist
      (fg-dotemacs-get-sql-connections (car sql-password-wallet)))
Filipp
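
Added example, not code from this thread or from sql.el: because the Postgres login path described above never calls the wallet search itself, the command below looks the password up through sql-password-search-wallet-function for an alias in sql-connection-alist and passes it to psql through libpq's PGPASSWORD variable. The my-sql-* function names, the wallet path and the wallet entry layout are assumptions.

```emacs-lisp
;;; Added example; `my-sql-wallet-password' and `my-sql-connect-with-wallet'
;;; are hypothetical names.  Constructed wallet entry (one line, netrc style):
;;;   machine localhost/my_db port 5432 user my_user product postgres password CHANGE-ME
(require 'sql)

(setq sql-password-wallet '("~/my/sql-wallet.gpg"))

(defun my-sql-wallet-password (connection)
  "Return the wallet secret for CONNECTION, an alias in `sql-connection-alist'.
Return nil when the alias is unknown or the wallet has no matching entry."
  (let* ((params (cdr (assoc-string connection sql-connection-alist t)))
         ;; Alist values are forms (e.g. (quote postgres)), so evaluate them.
         (get (lambda (var) (eval (cadr (assq var params)) t)))
         (secret (and params
                      (funcall sql-password-search-wallet-function
                               sql-password-wallet
                               (funcall get 'sql-product)
                               (or (funcall get 'sql-user) "")
                               (or (funcall get 'sql-server) "")
                               (or (funcall get 'sql-database) "")
                               (funcall get 'sql-port)))))
    ;; auth-source may hand back the secret wrapped in a function.
    (if (functionp secret) (funcall secret) secret)))

(defun my-sql-connect-with-wallet (connection)
  "Connect to CONNECTION like `sql-connect', taking the password from the wallet.
The secret is exported as PGPASSWORD in the environment of the psql
subprocess only; it is never stored in init.el or set with a global setenv."
  (interactive (list (sql-read-connection "Connection: ")))
  (let* ((password (my-sql-wallet-password connection))
         ;; Dynamic binding: only processes started inside this `let*' see it.
         (process-environment
          (if password
              (cons (concat "PGPASSWORD=" password) process-environment)
            process-environment)))
    (sql-connect connection)))
```

The password stays in the psql process environment for the life of the session, which the PostgreSQL documentation discourages on systems where other users can read process environments. A ~/.pgpass password file readable only by its owner is the libpq alternative.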
* Re: sql and auth-source
2020-11-26 12:46 sql and auth-source Robert via Users list for the GNU Emacs text editor
2020-11-26 19:49 ` Filipp Gunbin
@ 2020-11-27 1:58 ` Jean Louis
2020-11-27 6:52 ` Robert
1 sibling, 1 reply; 5+ messages in thread
From: Jean Louis @ 2020-11-27 1:58 UTC (permalink / raw)
To: Robert; +Cc: help-gnu-emacs@gnu.org
* Robert via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2020-11-26 18:20]:
> Hello,
>
> how to configure the sql mode to work with a wallet file?
> A code example would be very helpful.
>
> I found function sql-auth-source-search-wallet, but I don't know how to use it.
> https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/progmodes/sql.el#n736
What you configure is .authinfo then how I understand, the sql-mode
would search for user/password and server details in .authinfo by
using that function. Unless you are programming you need not use that
function. And function is prefixed sql- only because it belongs to sql
mode, not that it is doing any SQL itself.
I have not configured authinfo as I mostly work with local database.
Instead I have configured environment variables:
export PGDATABASE="databasename"
export PGUSER='username'
export PGCLIENTENCODING='UTF8'
You better say what you wish to achieve, do you wish to remember
credentials for remote databases?
File ~/.authinfo is in format:
host localhost port port-number user user-ID password password
* Re: sql and auth-source
2020-11-27 1:58 ` Jean Louis
@ 2020-11-27 6:52 ` Robert
2020-11-27 7:10 ` Jean Louis
0 siblings, 1 reply; 5+ messages in thread
From: Robert @ 2020-11-27 6:52 UTC (permalink / raw)
To: Jean Louis; +Cc: help-gnu-emacs@gnu.org
The ideal solution will include:
- no passwords in init.el
- I connect to the database using sql-connect or sql-postgres (usually PostgreSQL)
- when connecting, I choose an alias to the database
- I am only asked to enter a password in order to decrypt the authinfo wallet file
--
Robert
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, November 27, 2020 2:58 AM, Jean Louis <bugs@gnu.support> wrote:
> * Robert via Users list for the GNU Emacs text editor help-gnu-emacs@gnu.org [2020-11-26 18:20]:
>
> > Hello,
> > how to configure the sql mode to work with a wallet file?
>
> > A code example would be very helpful.
> > I found function sql-auth-source-search-wallet, but I don't know how to use it.
> > https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/progmodes/sql.el#n736
>
> What you configure is .authinfo then how I understand, the sql-mode
> would search for user/password and server details in .authinfo by
> using that function. Unless you are programming you need not use that
> function. And function is prefixed sql- only because it belongs to sql
> mode, not that it is doing any SQL itself.
>
> I have not configured authinfo as I mostly work with local database.
>
> Instead I have configured environment variables:
>
> export PGDATABASE="databasename"
> export PGUSER='username'
> export PGCLIENTENCODING='UTF8'
>
> You better say what you wish to achieve, do you wish to remember
> credentials for remote databases?
>
> File ~/.authinfo is in format:
>
> host localhost port port-number user user-ID password password
* Re: sql and auth-source
2020-11-27 6:52 ` Robert
@ 2020-11-27 7:10 ` Jean Louis
0 siblings, 0 replies; 5+ messages in thread
From: Jean Louis @ 2020-11-27 7:10 UTC (permalink / raw)
To: Robert; +Cc: help-gnu-emacs@gnu.org
* Robert <rchar@protonmail.com> [2020-11-27 09:52]:
> The ideal solution will include:
> - no passwords in init.el
I do keep passwords in init.el as it is personal file.
I do not keep passwords in init.el on remote servers. Then I would
prefer entering them. If it is multi user server then what if
administrator or some other user with access rights or backdoor is
listening on tty to read what I am typing?
Change permissions:
-rw------- 1 50K Nov 25 22:04 init.el
Use better umask limits and also change permission on /home/user
directory to be user readable only if user is "protected" then
/home/protected would be:
drwx------ 244 92K Nov 27 09:22 protected
Database password is not the only thing that is private, there are
other more important or more private things in the user's directory.
Unless init.el is not published for demonstrations it can be used to
store passwords.
> - I connect to the database using sql-connect or sql-postgres
>   (usually PostgreSQL)
> - when connecting, I choose an alias to the database
> - I am only asked to enter a password in order to decrypt the
>   authinfo wallet file
Interesting, as I may use those methods for program I am developing
when it comes to be used by public.
For Unix domain sockets I use trust method in pg_hba.conf
# "local" is for Unix domain socket connections only
local all all trust
For remote databases SSL security with usernames and passwords is
necessary.