Changes between Initial Version and Version 1 of Ticket #32456
- Timestamp:
- Feb 17, 2021, 5:33:37 PM (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #32456
- Property Summary Pass runshell passwords as option files → Pass dbshell passwords as option files
-
Ticket #32456 – Description
initial v1 1 The runshell management commands all carry the risk of leaking passwords through process information (as noted in a comment in db.backends.mysql.client). As of Django 3.2, there is the settings_to_cmd_args_env class method, which provides an API to generate the environment needed to call the utility.1 The dbshell management commands all carry the risk of leaking passwords through process information (as noted in a comment in db.backends.mysql.client). As of Django 3.2, there is the settings_to_cmd_args_env class method, which provides an API to generate the environment needed to call the utility. 2 2 3 Using the wnvironment is somewhat more secure, but the environment of processes can potentially still be read. Both MySQL and PostgreSQL advise against using the respective environment variables.3 Using the environment is somewhat more secure, but the environment of processes can potentially still be read. Both MySQL and PostgreSQL advise against using the respective environment variables. 4 4 5 5 I want to propose a way to solve this. I already did this in django-dbbackup, which also happened to construct a command line before: