all messages for Emacs-related lists mirrored at yhetil.org
* (sql-postgres-login-params): Add user and database defaults.
From: Sam Steingold @ 2014-11-07 19:37 UTC
  To: emacs-devel; +Cc: Michael Mauger

Michael,
Why did you add defaults to the sql-postgres-login-params option?
No other sql-<product>-login-params have them.
(The list also misses the password, but that was even before your
36827ec251bb18183110463a83d55b205653fd5d commit).
Thanks.
-- 
Sam Steingold (http://sds.podval.org/) on darwin Ns 10.3.1343
http://www.childpsy.net/ http://dhimmi.org http://iris.org.il http://camera.org
http://www.memritv.org http://mideasttruth.com http://memri.org
My name is Deja Vu. Have we met before?





* Re: (sql-postgres-login-params): Add user and database defaults.
From: Michael Mauger @ 2014-11-09 23:39 UTC
  To: sds@gnu.org, Emacs Devel

> On Friday, November 7, 2014 2:37 PM, Sam Steingold <sds@gnu.org> wrote:

> Michael,
> Why did you add defaults to the sql-postgres-login-params option?
> No other sql-<product>-login-params have them.
> (The list also misses the password, but that was even before your
> 36827ec251bb18183110463a83d55b205653fd5d commit).
> Thanks.


That was a commit from 4 years ago; I have problems remembering last week.

A few related items:

* The defaults specified in the login-params are the same as the psql
program, but I am certainly open to changing the defaults or eliminating
them entirely if people agree.  I don't use PG often so I'm certainly
open to feedback from regular users of it.  And obviously, you can
customize its value to suit your workflow better.

* The reason that there is no support for entering the password in
postgres is that there is no command line option or syntax available
to pass the value in `psql'.

There is a long open bug report identifying passing passwords on the
command line as being a security risk, but I have not implemented an
alternative mechanism.  I am hacking a mechanism currently to not pass
password on the command line and provide it as program input when
prompted.  Postgres is one platform that could benefit from such behavior.

There is also a bug in the just released sql.el code related to buffering
output lines and eating continuation prompts issued by the command
processor relative to multiline SQL statements.  It interferes with the
password prompt issued by psql which is very unfortunate.  A bug fix is
forthcoming on this just in time for release with GNU Emacs 25.1 sometime
in 2037. :)  [And, it was totally my fault for allowing the bug to slip by
in the first place; I've made adjustments to my development workflow to
catch bugs like this sooner.]

My first focus is always to support Free/Libre database engines like Sqlite,
Postgres and MySql/MariaDB with new features.  Unfortunately, I do not
use any of these products significantly in my day job although I spend
all day working with SQL.  Any feedback or patches are actively encouraged.

--Michael
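
The risk discussed in the message above, as an added example that is not part of the thread or of sql.el: a password placed in a client's argument vector is readable from the process table for as long as the client runs, while one supplied as program input is not. SECRET and CHILD are constructed for illustration; CHILD is a hypothetical stand-in for a client such as psql or mysql.

```python
import subprocess
import sys
from pathlib import Path

SECRET = "constructed-sample-pw"  # constructed value, not a real credential

# Hypothetical stand-in for a database client: takes the password from
# argv[1] if present, otherwise reads one line from stdin, then idles.
CHILD = ("import sys, time\n"
         "pw = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.readline()\n"
         "time.sleep(30)\n")

def visible_command_line(pid):
    """Return the command line that other local users can read for pid."""
    proc_file = Path(f"/proc/{pid}/cmdline")
    if proc_file.exists():  # Linux: NUL-separated argv
        return proc_file.read_bytes().replace(b"\0", b" ").decode()
    # Other Unix systems: ask ps for the same information.
    return subprocess.check_output(["ps", "-o", "args=", "-p", str(pid)], text=True)

def _observe(argv, stdin_data=None):
    """Start the child, hand it the password, report whether it is visible."""
    child = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        if stdin_data is not None:
            child.stdin.write(stdin_data.encode())
            child.stdin.flush()
        return SECRET in visible_command_line(child.pid)
    finally:
        child.kill()
        child.stdin.close()
        child.wait()

def leaks_via_argv():
    """Password passed as a command-line argument."""
    return _observe([sys.executable, "-c", CHILD, SECRET])

def leaks_via_stdin():
    """Password written to the client's input, as if answering a prompt."""
    return _observe([sys.executable, "-c", CHILD], stdin_data=SECRET + "\n")

if __name__ == "__main__":
    print("visible when passed in argv: ", leaks_via_argv())
    print("visible when passed on stdin:", leaks_via_stdin())
```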




* Re: (sql-postgres-login-params): Add user and database defaults.
From: Sam Steingold @ 2014-11-10 21:15 UTC
  To: emacs-devel

> * Michael Mauger <zvpunry@znhtre.pbz> [2014-11-09 23:39:24 +0000]:
>
>> On Friday, November 7, 2014 2:37 PM, Sam Steingold <sds@gnu.org> wrote:
>
>> Michael,
>> Why did you add defaults to the sql-postgres-login-params option?
>> No other sql-<product>-login-params have them.
>> (The list also misses the password, but that was even before your
>> 36827ec251bb18183110463a83d55b205653fd5d commit).
>> Thanks.
>
>
> That was a commit from 4 years ago; I have problems remembering last week.

:-)

> A few related items:
>
> * The defaults specified in the login-params are the same as the psql
> program, but I am certainly open to changing the defaults or
> eliminating them entirely if people agree.  I don't use PG often so
> I'm certainly open to feedback from regular users of it.  And
> obviously, you can customize its value to suit your workflow better.

I don't think these defaults are useful (to put it mildly).

> * The reason that there is no support for entering the password in
> postgres is that there is no command line option or syntax available
> to pass the value in `psql'.

"psql -W" forces password prompt, so, I think, there should be a way for
me to tell emacs which password to use.


> There is a long open bug report identifying passing passwords on the
> command line as being a security risk, but I have not implemented an
> alternative mechanism.  I am hacking a mechanism currently to not pass
> password on the command line and provide it as program input when
> prompted.  Postgres is one platform that could benefit from such behavior.

I know of the security implications of passing passwords on the command
line, but I disagree that this should be disabled. A note in the man
page and the usage message printed by "--help" should be enough.


> Any feedback or patches are actively encouraged.

Thanks.

-- 
Sam Steingold (http://sds.podval.org/) on darwin Ns 10.3.1343
http://www.childpsy.net/ http://jihadwatch.org http://islamexposedonline.com
http://americancensorship.org http://truepeace.org http://honestreporting.com
If your VCR is still blinking 12:00, you don't want Linux.





* Re: (sql-postgres-login-params): Add user and database defaults.
From: Sam Steingold @ 2014-11-11 19:37 UTC
  To: Michael Mauger; +Cc: emacs-devel

On Mon, Nov 10, 2014 at 9:49 PM, Michael Mauger <michael@mauger.com> wrote:
> On Monday, November 10, 2014 4:15 PM, Sam Steingold <sds@gnu.org> wrote:
>>> * Michael Mauger <michael@mauger.com> [2014-11-09 23:39:24 +0000]:
>>>> On Friday, November 7, 2014 2:37 PM, Sam Steingold <sds@gnu.org> wrote:
>>>> Why did you add defaults to the sql-postgres-login-params option?
>>>> No other sql-<product>-login-params have them.
>>I don't think these defaults are useful (to put it mildly).
> So, do you recommend removing the defaults entirely (as opposed to offering an alternative) for both username and database?

yes, I recommend that they are set to the flat list like other products

> Are there any others who would like to be heard on this topic?  Without additional feedback, I'll go ahead and remove the defaults.

you sent your email to me only, not to the list.
this reply goes to the list.

> Again the lack of prompting/storing of the password is not due to the security concern but because the password cannot be passed directly on the command line.  MySql and Oracle support grab the password and pass the password along with the username on the command line; resulting in the security bug submission.  The implementation of passing passwords on the command line pre-dates my involvement in sql.el, so while I can't accept blame for the shortcoming, I do accept responsibility for building a working solution.  I'm hacking on it currently.

Thanks!

Sam


