Re: [Django] #30178: Support duck-typing for database passwords in settings

[Django]

#30178: Support duck-typing for database passwords in settings
-------------------------------------+-------------------------------------
     Reporter:  Dan Davis            |                    Owner:  Dan Davis
         Type:  Bug                  |                   Status:  assigned
    Component:  Database layer       |                  Version:  2.1
  (models, ORM)                      |
     Severity:  Normal               |               Resolution:
     Keywords:  oracle               |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Dan Davis):

 Replying to [comment:3 Tim Graham]:
 > `str(get_a_password)` in your settings file is not sufficient?

 Owing to a mandated separation of duties, we developers don’t have the
 ability to restart our applications at will. But we are also mandated to
 change passwords regularly. We have handled this up to now with lazy
 evaluation of the password at the time the connection is created. Your
 suggested alternative would freeze the current password in place, and
 require a restart whenever the password changes, which is the behavior we
 are trying to avoid.

 Our DevOps has an application that will whine at us to change our
 passwords, and will generate a random good password.  However, it can't
 restart the application when the password is changed; it simply
 consistently changes the password across MySQL/Oracle/PostgreSQL etc. and
 stores the password in a symmetrically encrypted form.

 Currently, my internal module will cache the password for 5 minutes, but
 typically CONN_MAX_AGE is much larger than this in production, and no race
 condition is possible there.  We also have a failover mechanism in place,
 TCP/IP asynchronous connects, etc. underlying the simple call to
 `str(get_a_password)`.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/30178#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.3584c0cd70e648f487bec3dc68b93973%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.