[7.0] Dumping/restoring databases prompts for password via server console on non-Windows platforms
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Odoo Server (MOVED TO GITHUB) |
Fix Released
|
High
|
OpenERP's Framework R&D |
Bug Description
When postgres is configured to access a database via TCP and not a local Unix socket, the user is prompted for a password via the server console when dumping or restoring databases from the web interface.
The relevant code lives in openerp/
The previous code block included comments with a "FIXME" suggesting that setting the PGPASSWORD environment variable was not particularly secure on Unix machines, particularly for SaaS boxes. It is possible that alternate postgres configurations can authenticate the openerp user without a password even over TCP. (A .pgpass file should work for this, but is not automatically created by OpenERP.) However, this bug is still a regression from 6.1.
I propose two possible solutions:
1. Give the pg_dump and pg_restore commands the "--no-password" flag to prevent them from waiting for input at the server console. Both commands will work if there is a passwordless method of authentication available, but will fail immediately if not. This prevents the "Still loading" screen from displaying on the frontend until the password dialog times out at the console.
2. In addition to the above, re-enable setting the PGPASSWORD environment variable on Unix systems.
I am happy to provide a patch for either solution, but I am not sure whether re-enabling the PGPASSWORD functionality on Unix systems is a good idea.
description: | updated |
Changed in openobject-server: | |
assignee: | nobody → OpenERP's Framework R&D (openerp-dev-framework) |
importance: | Undecided → Medium |
status: | New → Confirmed |
This patch adds the --no-password flag to pg_dump and pg_restore. It also updates the error message received when a dump/restore fails to suggest a .pgpass file in addition to checking that the db_password is specified in the configuration file.