![]() ![]() That makes it a bit less conscious! But I still think that we should stick to our discoverability principle, because it has more pros than cons, once all the wrinkles of the new feature are ironed out. Except in your case, pgcli is installed system-wide and not in a venv, so I think keyring was installed by some other package and not pgcli. That lets us know that user made the conscious choice of using keyring. Passwords are only going to be stored if both requirements are met: ![]() Discoverability is important - what's the point of a new feature if it is buried in config file and nobody will ever dig through and think about enabling it.īy default, keyring flag in pgcli config is set to True, but keyring package is listed as an optional requirement, so first time pgcli runs with this flag = True, it will tell the user: "if you want to use keyring to store passwords, you need to install the keyring package". port 5432 failed: FATAL: password authentication failed for user root. Generally, when we add a new feature (and keyring, when works correctly, is a user-friendly feature), we want it enabled. Hello the process to start to use docker on mac with docker-machine is like. This is more of a subjective matter - should the keyring be enabled by default? I'm starting to think that maybe -W should force password no matter what. In context of keyring, this behavior gets a little weird, because even when you, the user, did not provide a password, keyring did behind the scenes, so -W gets ignored. It should force password prompt in case if password is not provided. What's the intended behavior of the -W switch, described as Force password prompt? If you're willing to submit a PR, I'll happily merge that, otherwise I'll do the fix. It should prompt for password when existing password fails, and it should update stored password with the new one on successful connection. Yes, absolutely, that's the right way to handle it. Note that I'm not against (secure) password storage here, just against storing password without the user explicitly knowing about it :) This looks like a security concern for me - I'm sometimes entering sensitive production passwords there, and now I feel uneasy that they could be stored anywhere. this is more of a subjective matter - should the keyring be enabled by default? I've never edited the pgcli config, so I had no idea that it remembers passwords by default (I just thought it doesn't need to prompt for the default postgres password, which, btw, may be a good idea).Right now it looks like it doesn't do anything in this configuration, which seems weird - I'd expect it to either override the keyring and prompt for password, or print a message that keyring is enabled and that's why it doesn't prompt despite the switch. what's the intended behavior of the -W switch, described as Force password prompt? Especially when combined with the keyring.Solution proposal: maybe pgcli should prompt for password anyway when the keyring password fails? ![]() Changing it doesn't make sense, since in my case I'm connecting to different databases using the same login (using tunneled connections), so I've disabled the keyring for now. Your guess was right - the keyring was enabled and had the default password stored. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |