Thanks so much for all the good info below Larry! Tim Sutton Co-founder of Kartoza Ex-QGIS project chairman
> On 5 Jun 2019, at 18:59, Larry Shaffer <[email protected]> wrote: > > Hi Tim, > >> On Mon, Jun 3, 2019 at 10:22 AM Tim Sutton <[email protected]> wrote: >> Hi All >> >> As explained by the subject line, I would like to reply a QGIS 3.x server >> based site where the project uses the QGIS authentication framework to store >> user names and password for the database connection in an encrypted manner. > > See these env vars for setting up access to an authentication database from > within Server: > https://github.com/qgis/QGIS/blob/master/src/server/qgsserver.cpp#L234-L238 > > I have not tested this with recent QGIS versions, but maybe someone who has > worked with Server and the auth system may have (Alessandro?). > > Most non-interactive auth method plugins should work, e.g. Basic, PKI, etc. > The OAuth2 auth plugin will not work if using a grant flow that requires > interaction; instead, use Resource Owner (the plugin doesn't support Client > Credentials grant flow). > > Of course, this means the qgis-auth.db will need pre-populated using QGIS > Desktop prior to use by Server. You will probably want to create a new > profile, so that no other credentials are stored in the SQLite qgis-auth.db > file, or restart QGIS specifically to work on a specific qgis-auth.db file > (using option --authdbdirectory <dir>). > >> I have used the authentication manager before on my desktop, but what do I >> need to do to set things up in a server environment? >> >> Also the list of supported services in ’Settings->Authentication->Installed >> Plugins’ does not currently include Oracle. Did anyone use the >> authentication manager against an Oracle database before? > > I have investigated adding auth support to Oracle in the past, but did have > the chance to implement it. Generally, since it uses a QgsDataSourceURI > object for configurations, at least the Basic auth method plugin's update > function should be easy to adapt: > https://github.com/qgis/QGIS/blame/master/src/auth/basic/qgsauthbasicmethod.cpp#L87 > > This means probably adding a conditional branch based upon oracle provider, > similar to what was done for ogr/gdal: > https://github.com/qgis/QGIS/blame/master/src/auth/basic/qgsauthbasicmethod.cpp#L201-L202 > > Then, it is a matter of just integrating the auth updating during Oracle > connections (and its pool), and adding the auth widget into the Oracle > connection GUI. This would be similar to how Postgres provider was updated to > support the auth system. > > Regards, > > Larry Shaffer > Dakota Cartography > Black Hills, South Dakota > >> Thanks! >> >> Regards >> >> Tim >> >> >> >> — >> >> >> >> >> >> >> >> >> >> Tim Sutton >> >> Co-founder: Kartoza >> Ex Project chair: QGIS.org >> >> Visit http://kartoza.com to find out about open source: >> >> Desktop GIS programming services >> Geospatial web development >> GIS Training >> Consulting Services >> >> Skype: timlinux >> IRC: timlinux on #qgis at freenode.net >> >> I'd love to connect. Here's my calendar link to make finding time easy. >> >> _______________________________________________ >> QGIS-Developer mailing list >> [email protected] >> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer >> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
_______________________________________________ QGIS-Developer mailing list [email protected] List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
