Hi folks,
probably this is a question you've heard so many times
but I wasn't able to find a solution to it.
I'm using a shell script to create a textfile for me.
It looks like
#!/usr/local/bin/bash
psql -c "select foo from bar;" -d database1 -t
psql -c "\q" -d database1
exit 0
The second psql -c "\q" command is used to logout from
the first database. But I'm not sure whether this is
correct. How do I mix these sql and psql meta-commands
otherwise if I want to be able to use myscript >
output.txt to get the output from this select
statement in the file output.txt. I'm planning to
write a cron job for it too.
Another issues is passwords. Normally when I log onto
database1, I have to issue a password because only the
superuser is trusted in the pg_hba.conf file. However
for scripts that I want to be able to run in the
background like this one, I had to add an entry to the
pg_hba.conf file to trust this user also. But as from
security point of view, I'm wondering if this is the
best way to achieve it.
Thanks in advance
_______________ _______________ ____
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out! http://promotions.yahoo.com/new_mail
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives? http://archives.postgresql.org 15 2512
On 18/08/2004 12:57 Dino Vliet wrote: Hi folks, probably this is a question you've heard so many times but I wasn't able to find a solution to it.
I'm using a shell script to create a textfile for me. It looks like #!/usr/local/bin/bash psql -c "select foo from bar;" -d database1 -t psql -c "\q" -d database1 exit 0
The second psql -c "\q" command is used to logout from the first database. But I'm not sure whether this is correct.
Not needed. The 1st command will exit by itself (man psql).
How do I mix these sql and psql meta-commands otherwise if I want to be able to use myscript > output.txt to get the output from this select statement in the file output.txt. I'm planning to write a cron job for it too.
You could use $HOME/.psqlrc. Another issues is passwords. Normally when I log onto database1, I have to issue a password because only the superuser is trusted in the pg_hba.conf file. However for scripts that I want to be able to run in the background like this one, I had to add an entry to the pg_hba.conf file to trust this user also. But as from security point of view, I'm wondering if this is the best way to achieve it.
You could use $HOME/.pgpass.
--
Paul Thomas
+------------------------------+---------------------------------------------+
| Thomas Micro Systems Limited | Software Solutions for
Business |
| Computer Consultants | http://www.thomas-micro-systems-ltd.co.uk |
+------------------------------+---------------------------------------------+
---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
Dino Vliet wrote: Hi folks, probably this is a question you've heard so many times but I wasn't able to find a solution to it.
I'm using a shell script to create a textfile for me. It looks like #!/usr/local/bin/bash psql -c "select foo from bar;" -d database1 -t psql -c "\q" -d database1 exit 0
Put your commands in a separate file and run them with psql -f myfile.
That's simplest.
The second psql -c "\q" command is used to logout from the first database. But I'm not sure whether this is correct. How do I mix these sql and psql meta-commands otherwise if I want to be able to use myscript > output.txt to get the output from this select statement in the file output.txt. I'm planning to write a cron job for it too.
You can set an output file from psql with \o output.txt.
Another issues is passwords. Normally when I log onto database1, I have to issue a password because only the superuser is trusted in the pg_hba.conf file. However for scripts that I want to be able to run in the background like this one, I had to add an entry to the pg_hba.conf file to trust this user also. But as from security point of view, I'm wondering if this is the best way to achieve it.
You'll want to investigate the .pgpass file. See the chapter:
Client Interfaces / libpq / files
--
Richard Huxton
Archonet Ltd
---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddres sHere" to ma*******@postg resql.org)
The world rejoiced as di********@yaho o.com (Dino Vliet) wrote: Hi folks, probably this is a question you've heard so many times but I wasn't able to find a solution to it.
I'm using a shell script to create a textfile for me. It looks like #!/usr/local/bin/bash psql -c "select foo from bar;" -d database1 -t psql -c "\q" -d database1 exit 0
The second psql -c "\q" command is used to logout from the first database. But I'm not sure whether this is correct. How do I mix these sql and psql meta-commands otherwise if I want to be able to use myscript > output.txt to get the output from this select statement in the file output.txt. I'm planning to write a cron job for it too.
You oughtn't need to put in the explicit quit, "\q"; the "^D" that
occurs at the end of the input stream would close things out nicely.
Another issues is passwords. Normally when I log onto database1, I have to issue a password because only the superuser is trusted in the pg_hba.conf file. However for scripts that I want to be able to run in the background like this one, I had to add an entry to the pg_hba.conf file to trust this user also. But as from security point of view, I'm wondering if this is the best way to achieve it.
Check the docs for information on the "care and feeding" of .pgpass.
You can put authentication information into $HOME/.pgpass and anything
running using libpq will automatically look there.
The passwords sit there in plain text form; it might be nice to use
some encoded form (similar to the way Apache handles authentication) .
But .pgpass at least has the existing merit that you don't have to
have passwords in your scripts.
--
let name="cbbrowne" and tld="acm.org" in name ^ "@" ^ tld;; http://cbbrowne.com/info/spreadsheets.html
/Utopia-Bold 40 selectfont/n{moveto}def/p{gsave true charpath clip 72
400 n 300 -4 1{dup 160 300 3 -1 roll 0 360 arc 300 div 1 1 sethsbcolor
fill}for grestore 0 -60 rmoveto}def 72 500 n(This signature has been)p
(brought to you by the)p(letter Q and the number 42.)p(Chris Browne)
p(ch***@cbbrown e.com)p showpage
On Wed, Aug 18, 2004 at 04:20:55PM -0400, Christopher Browne wrote: Check the docs for information on the "care and feeding" of .pgpass. You can put authentication information into $HOME/.pgpass and anything running using libpq will automatically look there.
The passwords sit there in plain text form; it might be nice to use some encoded form (similar to the way Apache handles authentication) .
Not sure what you mean here. Apache handles the server-side
authentication by storing a hashed version of the password (I take it
you are talking about the .htpasswd files). However .pgpass is for
client-side password storage. Do you know of a better way to store the
password than the plain text version?
I know CVS stores a mangled version, but it's trivial to go from the
stored password to the cleartext password, so a cracker can still get
the password easily, and it would be a PITA for the users to have to
process the password before storing if they are not going to get any
extra security. Other ideas?
The problem here is that the password can't be stored one-way-hash
digested, because the cleartext version is needed to be sent to the
server.
--
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"Ellos andaban todos desnudos como su madre los parió, y también las mujeres,
aunque no vi más que una, harto moza, y todos los que yo vi eran todos
mancebos, que ninguno vi de edad de más de XXX años" (Cristóbal Colón)
---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
Hello list,
Citing Alvaro Herrera <al******@dcc.u chile.cl>: The problem here is that the password can't be stored one-way-hash digested, because the cleartext version is needed to be sent to the server.
Actually why this is so has been a question for me for some time now, too.
Did just nobody have the time / idea to implement support for sending
hashed passwords to the server, or are there serious difficulties involved
with this, and I don't see them?
Regards,
Daniel
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ma*******@postg resql.org
On Thu, 2004-08-19 at 08:30, Daniel Martini wrote: Hello list,
Citing Alvaro Herrera <al******@dcc.u chile.cl>: The problem here is that the password can't be stored one-way-hash digested, because the cleartext version is needed to be sent to the server.
Actually why this is so has been a question for me for some time now, too. Did just nobody have the time / idea to implement support for sending hashed passwords to the server, or are there serious difficulties involved with this, and I don't see them?
As far as I am aware, crypt and md5 passwords are not sent in cleartext
form. password passwords (?!) are sent clear, but their use is
deprecated.
I think the password can't be stored hash-digested because it has to be
encrypted with a salt established at runtime. If you could just send
the same hash-digested password over and over, it would be no more
secure than a plaintext one.
Oliver Elphick
---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend
Oliver Elphick <ol**@lfix.co.u k> writes: I think the password can't be stored hash-digested because it has to be encrypted with a salt established at runtime. If you could just send the same hash-digested password over and over, it would be no more secure than a plaintext one.
[ looks at code... ] The actual algorithm is
t = md5hash(clearte xt_password || username);
p = md5hash(t || salt);
transmit p;
where || means string concatenation. On the server side, t is the value
actually stored in pg_shadow, so it just has to do the second step to
obtain the value to compare to the password message.
In theory we could make libpq accept the password in the form of t
rather than cleartext_passw ord, but I pretty much fail to see the point.
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster
Hi,
Am Do, den 19.08.2004 schrieb Tom Lane um 16:44: Oliver Elphick <ol**@lfix.co.u k> writes: I think the password can't be stored hash-digested because it has to be encrypted with a salt established at runtime. If you could just send the same hash-digested password over and over, it would be no more secure than a plaintext one.
[ looks at code... ] The actual algorithm is
t = md5hash(clearte xt_password || username); p = md5hash(t || salt); transmit p;
where || means string concatenation. On the server side, t is the value actually stored in pg_shadow, so it just has to do the second step to obtain the value to compare to the password message.
In theory we could make libpq accept the password in the form of t rather than cleartext_passw ord, but I pretty much fail to see the point.
Actually it is a bit lame anyway ;) Since the database readable
string is really the key it does not matter how it is generated
in the first place. So in the current situation, there is no
advantage over clear text passwords then.
(Ok, it saves us from "over the shoulder looking") but not more.
Otoh, if one needs security, there is a pretty (open)ssl - layer
and it even supports client certificates...
Regards
Tino Wildenhain
PS: the hash would suit better when used in a challenge authorization,
meaning the server sends a random key, let the client
hash(random_key || md5( cleartext_passw ord || username ) )
and compare it on server with
hash(random_key || stored_password )
---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings
Tino Wildenhain <ti**@wildenhai n.de> writes: PS: the hash would suit better when used in a challenge authorization, meaning the server sends a random key, let the client hash(random_key || md5( cleartext_passw ord || username ) ) and compare it on server with hash(random_key || stored_password )
Hm? That is exactly what we're doing.
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Rodd Snook |
last post by:
I have an application which makes extensive use of the
Scripting.Dictionary object. I'm not doing anything silly like putting
them outside the page scope -- just creating quite a few of them and
stuffing quite a lot of data (from and MS SQL database) into them.
On Windows 2000 server, everything is fine. If the data structures get
really big it slows down, but for normal operation it's no problem.
Recently our hosting provider moved to...
|
by: Daniel Schuchardt |
last post by:
Hi @ all,
i'm sure there was a psql-function to transfere my Blob-Data to the
server but I can't remember.
I have a script like this :
UPDATE xy SET z = lo_import('localpath_and_file');
but i want to execute this script from the client and so my blob-data is
|
by: Andrew M. Olson |
last post by:
Hi,
I am trying to access PostgreSQL remotely with psql, and I am having some
trouble. I am running the server with the -i option to allow Tcp-sockets
and the pg_hba.conf is configed to let my subnet access it. I can access
the server locally and with the pgAdmin III on Win2K. What is even
stranger is that psql works remotely with the -l or -c option, but when I
just try to connect it sits there, no errors(on the server either), no...
|
by: Howard Lowndes |
last post by:
My situation is that I am interacting PHP 4.1.2 to PostgreSQL 7.2.2
I have no difficulty inserting and managing BLOBs into the Large Object
system table, and I have a user table called images which maintains the
relationship between the BLOB loid and the identity that relates to it in
my user tables. So far so good.
When I RTFM obout psql it refers to the \lo_import, \lo_list, \lo_export
and \lo_unlink functions.
|
by: Willem Herremans |
last post by:
I am developing a client application for postgreSQL in Tcl/Tk (see
http://gborg.postgresql.org/project/pfm ).
It mainly uses PgTcl or pgintcl. I don't have any problems with those,
but I am also trying to call psql from my application for SQL statements
typed directly by the user.
I have used the Tcl command
set psqlChannel
| |
by: Ed L. |
last post by:
The planner is choosing a sequential scan for my query. I am trying
to understand why since it is clearly not the fastest choice, and
what the proper tuning dial is to adjust here. Here's the query:
select count(1) from measurement where measure_id = 98;
TIA. Here are the details:
% psql -c "\d measurement"
Table "public.measurement"
|
by: Jerome Lyles |
last post by:
I took the white space between characters out of my script 'create.txt4' and
ran it on database 'test'. There were errors:
26
27 -- Create Orders Table
28
29 CREATE TABLE Orders
30 (
31 Order_num int NOT NULL,
32 Order_date datetime NOT NULL,
|
by: John Sidney-Woollett |
last post by:
With the advent of postgres v8, would it be possible to change the
default behaviour of psql from AUTOCOMMIT=ON to AUTOCOMMIT=OFF ?
Although this might break backward compatibility, it might be acceptable
on the basis that v8 is such a major release.
Also adding a new command line parameter to control the AUTOCOMMIT
setting for those users that will experience broken scripts executed
(especially using the -c command) might help ease...
|
by: Mike Morris |
last post by:
Hi,
I've setup a postgres server (7.4) and confirmed that SSL is enabled - I can successfully
connect via tcp socket over SSL using the psql client.
From PHP4, how can I get the pg_connect function to negotiate an SSL connection?
I gather from researching the issue that pg_connect uses the same libraries as psql, so that
this should be possible. But I've tried every syntax I can think of... the "options" parameter to
pg_connect is...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |