#30178: Support duck-typing for database passwords in settings
-------------------------------------+-------------------------------------
Reporter: Dan Davis | Owner: Dan Davis
Type: Bug | Status: assigned
Component: Database layer | Version: 2.1
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Description changed by Dan Davis:
Old description:
> I have a curious use-case where, as a U.S. Federal Agency, we've built a
> rather complete mechanism to avoid having database passwords in our
> settings files. We have a common library that allows us to "get a
> password", which returns an object which is duck-typed to a string.
> When __str__ is called, it obtains the password (or uses a cached copy of
> the password) using a network protocol, and that returns that.
>
> We are mostly an Oracle shop. We are now looking at upgrading to Django
> 2.2 which will be LTS, and have formerly been on Django 1.11 which has
> been LTS.
>
> It appears that ticket #29199, aka
> https://github.com/django/django/commit/acfc650f2a6e4a79e80237eabfa923ea3a05d709,
> broke that for us.
>
> My organization would love to see this lack of duck-typing as a bug;
> rather than treating this as a request for all passwords to be pluggable
> (e.g. a Callable). Supporting duck-typing is consistent with backwards
> compatibility and also with Python philosophy.
>
> I will attempt to provide a test case and a fix. I will also evaluate
> this on other backends, because #29199 was quite legitimate.
New description:
I have a curious use-case where, as a U.S. Federal Agency, we've built a
rather complete mechanism to avoid having database passwords in our
settings files. We have a common library that allows us to "get a
password", which returns an object which is duck-typed to a string. When
__str__ is called, it obtains the password (or uses a cached copy of the
password) using a network protocol, and that returns that.
We are mostly an Oracle shop. We are now looking at upgrading to Django
2.2 which will be LTS, and have formerly been on Django 1.11 which has
been LTS.
It appears that ticket #29199, aka
https://github.com/django/django/commit/acfc650f2a6e4a79e80237eabfa923ea3a05d709,
broke that for us.
My organization would love to see this lack of duck-typing as a bug;
rather than treating this as a request for all passwords to be pluggable
(e.g. a Callable). Supporting duck-typing is consistent with backwards
compatibility and also with Python philosophy.
I will attempt to provide a test case and a fix. Separately from this
ticket, I'll check the other backends, as some users do use postgresql,
MySQL, etc. even if it is not the norm.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/30178#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.868b15daf2e03c22f60260a5f09c007e%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
