On Wed, Jan 9, 2013 at 2:17 PM, Peter Eisentraut <pete...@gmx.net> wrote:
> I would like to have something like ssh-askpass for libpq.  The main
> reason is that I don't want to have passwords in plain text on disk,
> even if .pgpass is read protected.  By getting the password from an
> external program, I can integrate libpq tools with the host system's key
> chain or wallet thing, which stores passwords encrypted.

Sounds very useful.


> I'm thinking about adding a new connection option "askpass" with
> environment variable PGASKPASS.  One thing I haven't quite figured out
> is how to make this ask for passwords only if needed.  Maybe it needs
> two connection options, one to say which program to use and one to say
> whether to use it.
>
> Ideas?

You could call it basically where conn->password_needed is set today.
So instead of dropping it directly back to the user, call the
callback, try again, and drop back to the user only if it doesn't
work.

That means it gets called only after the connection to the server is
established, but that seems reasonable given that that's the only case
when you can get a password prompt as well... You don't know the
server is going to ask for a password until it gets that far.

In fact, might it be interesting to allow libpq to do a simple
callback for the password *as well*? to implement a password prompt
directly in the application, instead of having to make multiple
connections? So not just as an external command, but also available as
a direct callback.


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
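
The external-program half of the idea discussed above, as an added example that is not part of the thread and not libpq code: a caller would invoke it at the point where the connection reports that a password is needed, then retry. The function name `run_askpass` is hypothetical, and the convention of passing the prompt as `argv[1]` and reading the password from the helper's stdout is an assumption borrowed from ssh-askpass.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical helper (not libpq API): run an ssh-askpass style program,
 * passing the prompt as argv[1] and reading one line of its stdout.
 * Returns 0 and fills buf on success, -1 on any failure. */
int run_askpass(const char *program, const char *prompt, char *buf, size_t len)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (program == NULL || program[0] != '/' || len < 2)
        return -1;                      /* absolute path only: no PATH lookup */
    if (pipe(fds) != 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                     /* child: stdout -> pipe, exec without a shell */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(127);
        close(fds[1]);
        execl(program, program, prompt, (char *) NULL);
        _exit(127);                     /* exec failed */
    }
    close(fds[1]);
    while (used < len - 1 && (n = read(fds[0], buf + used, len - 1 - used)) > 0)
        used += (size_t) n;
    close(fds[0]);
    buf[used] = '\0';
    buf[strcspn(buf, "\r\n")] = '\0';   /* keep only the first line */

    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0 || buf[0] == '\0') {
        memset(buf, 0, len);            /* do not leave a partial secret behind */
        return -1;
    }
    return 0;
}
```

A non-zero exit, an empty reply, or output longer than the buffer is treated as "no password", so the caller can fall back to prompting the user.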
