* sql and auth-source @ 2020-11-26 12:46 Robert via Users list for the GNU Emacs text editor 2020-11-26 19:49 ` Filipp Gunbin 2020-11-27 1:58 ` Jean Louis 0 siblings, 2 replies; 5+ messages in thread From: Robert via Users list for the GNU Emacs text editor @ 2020-11-26 12:46 UTC (permalink / raw) To: help-gnu-emacs@gnu.org Hello, how to configure the sql mode to work with a wallet file? A code example would be very helpful. I found function sql-auth-source-search-wallet, but i don't know how to use it. https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/progmodes/sql.el#n736 Help please. -- Robert ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: sql and auth-source 2020-11-26 12:46 sql and auth-source Robert via Users list for the GNU Emacs text editor @ 2020-11-26 19:49 ` Filipp Gunbin 2020-11-27 1:58 ` Jean Louis 1 sibling, 0 replies; 5+ messages in thread From: Filipp Gunbin @ 2020-11-26 19:49 UTC (permalink / raw) To: Robert via Users list for the GNU Emacs text editor; +Cc: Robert On 26/11/2020 12:46 +0000, Robert via Users list for the GNU Emacs text editor wrote: > Hello, > > how to configure the sql mode to work with a wallet file? > A code example would be very helpful. > > I found function sql-auth-source-search-wallet, but i don't know how to use it. > https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/progmodes/sql.el#n736 > Help please. > > -- > Robert Generally, (setq sql-password-wallet '("~/my/sql-wallet.gpg")) should be enough. But, from what I recently found while investigating how it (not) works for Postgres, I can tell the following: The value of sql-password-search-wallet-function is used for searching, it's usually the function sql-auth-source-search-wallet. You can test whether it works (like, is able to decrypt gpg and parse) by something like the following: (sql-auth-source-search-wallet sql-password-wallet 'postgres "my_user" "localhost" "my_db" 5432) BUT, sql-connect and friends will actually call the function in sql-password-search-wallet-function only if sql-postgres-login-params contains password login parameter, and it doesn't (this can be checked with (sql-get-product-feature 'postgres :sqli-login)). This is because the login function, sql-comint-postgres, does not make use of it. So, for Postgres, this looks like it's yet to be implemented. Nevertheless, I was able to at least make use of sql-wallet file to auto-set sql-connection-alist with this code: (defun fg-dotemacs-get-sql-connections (file) (mapcar (lambda (alist) (let* ((machine (cdr (assoc "machine" alist))) (machine-list (split-string machine "/")) (host (nth 0 machine-list)) (database (nth 1 machine-list)) (name (cond ((string= host "localhost") (concat "local-" database)) ((string-match-p "\\.prod$" host) (concat "prod-" database)) ;; more rules... (t (concat host "-" database))))) `(,name (sql-product (quote ,(intern (cdr (assoc "product" alist))))) (sql-user ,(cdr (assoc "user" alist))) (sql-database ,database) (sql-server ,host) (sql-port ,(string-to-number (cdr (assoc "port" alist))))))) (auth-source-netrc-parse :file file :host t :port t :user t))) (setq sql-connection-alist (fg-dotemacs-get-sql-connections (car sql-password-wallet))) Filipp ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: sql and auth-source 2020-11-26 12:46 sql and auth-source Robert via Users list for the GNU Emacs text editor 2020-11-26 19:49 ` Filipp Gunbin @ 2020-11-27 1:58 ` Jean Louis 2020-11-27 6:52 ` Robert 1 sibling, 1 reply; 5+ messages in thread From: Jean Louis @ 2020-11-27 1:58 UTC (permalink / raw) To: Robert; +Cc: help-gnu-emacs@gnu.org * Robert via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2020-11-26 18:20]: > Hello, > > how to configure the sql mode to work with a wallet file? > A code example would be very helpful. > > I found function sql-auth-source-search-wallet, but i don't know how to use it. > https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/progmodes/sql.el#n736 What you configure is .authinfo then how I understand, the sql-mode would search for user/password and server datails in .authinfo by using that function. Unless you are programming you need not use that function. And function is prefixed sql- only because it belongs to sql mode, not that it is doing any SQL itself. I have not configured authinfo as I mostly work with local database. Instead I have configured environment variables: export PGDATABASE="databasename" export PGUSER='username' export PGCLIENTENCODING='UTF8' You better say what you wish to achieve, do you wish to remember credentials for remote databases? File ~/.authinfo is in format: host localhost port port-number user user-ID password password ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: sql and auth-source 2020-11-27 1:58 ` Jean Louis @ 2020-11-27 6:52 ` Robert 2020-11-27 7:10 ` Jean Louis 0 siblings, 1 reply; 5+ messages in thread From: Robert @ 2020-11-27 6:52 UTC (permalink / raw) To: Jean Louis; +Cc: help-gnu-emacs@gnu.org The ideal solution will include: - no passwords in init.el - I connect to the database using sql-connect or sql-postgres (usually PostgreSQL) - when connecting, I choose an alias to the database - I am only asked to enter a password in order to decrypt the authinfo wallet file -- Robert Sent from ProtonMail, encrypted email based in Switzerland. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, November 27, 2020 2:58 AM, Jean Louis <bugs@gnu.support> wrote: > * Robert via Users list for the GNU Emacs text editor help-gnu-emacs@gnu.org [2020-11-26 18:20]: > > > Hello, > > how to configure the sql mode to work with a wallet file? > > > A code example would be very helpful. > > I found function sql-auth-source-search-wallet, but i don't know how to use it. > > https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/progmodes/sql.el#n736 > > What you configure is .authinfo then how I understand, the sql-mode > would search for user/password and server datails in .authinfo by > using that function. Unless you are programming you need not use that > function. And function is prefixed sql- only because it belongs to sql > mode, not that it is doing any SQL itself. > > I have not configured authinfo as I mostly work with local database. > > Instead I have configured environment variables: > > export PGDATABASE="databasename" > export PGUSER='username' > export PGCLIENTENCODING='UTF8' > > You better say what you wish to achieve, do you wish to remember > credentials for remote databases? > > File ~/.authinfo is in format: > > host localhost port port-number user user-ID password password ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: sql and auth-source 2020-11-27 6:52 ` Robert @ 2020-11-27 7:10 ` Jean Louis 0 siblings, 0 replies; 5+ messages in thread From: Jean Louis @ 2020-11-27 7:10 UTC (permalink / raw) To: Robert; +Cc: help-gnu-emacs@gnu.org * Robert <rchar@protonmail.com> [2020-11-27 09:52]: > The ideal solution will include: > - no passwords in init.el I do keep passwords in init.el as it is personal file. I do not keep passwords in init.el on remote servers. Then I would prefer entering them. If it is multi user server then what if administrator or some other user with access rights or backdoor is listening on tty to read what I am typing? Change permissions: -rw------- 1 50K Nov 25 22:04 init.el Use better umask limits and also change permission on /home/user directory to be user readable only if user is "protected" then /home/protected would be: drwx------ 244 92K Nov 27 09:22 protected Database password is not the only thing that is private, there are other more important or more private things in the user's directory. Unless init.el is not published for demonstrations it can be used to store passwords. > - I connect to the database using sql-connect or sql-postgres > - (usually PostgreSQL) when connecting, I choose an alias to the > - database > - I am only asked to enter a password in order to decrypt the > - authinfo wallet file Interesting, as I may use those methods for program I am developing when it comes to be used by public. For Unix domain sockets I use trust method in pg_hba.conf # "local" is for Unix domain socket connections only local all all trust For remote databases SSL security with usernames and passwords is necessary. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-11-27 7:10 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2020-11-26 12:46 sql and auth-source Robert via Users list for the GNU Emacs text editor 2020-11-26 19:49 ` Filipp Gunbin 2020-11-27 1:58 ` Jean Louis 2020-11-27 6:52 ` Robert 2020-11-27 7:10 ` Jean Louis
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).