Thread

  1. Re: Postgres in bash-mode

    Maarten Boekhold <maarten.boekhold@reuters.com> — 2002-01-13T06:20:53Z

    On 01/12/2002 06:03:44 PM Karl DeBisschop wrote:
    > On Sat, 2002-01-12 at 03:32, David Terrell wrote:
    > > On Thu, Jan 10, 2002 at 09:07:50AM +0100, Alexander Pucher wrote:
    > > > I need to run a shell script that logs in to Postgresql, executes a
    > > > query and logs off again.
    
    > > > My problem is that I can't find a way to put the password in an 
    'psql'
    > > > statement at the prompt.
    
    > If you absolutely need to do something like this, look into expect.
    
    Woul be useful if there's an example expect script for this somewhere in 
    the distribution or documentation. Lots of people don't know expect, and 
    don't want to learn it. They just want to automate database tasks.
    
    Maarten
    
    ----
    
    Maarten Boekhold, maarten.boekhold@reuters.com
    
    Reuters Consulting / TIBCO Finance Technology Inc.
    Dubai Media City
    Building 1, 5th Floor
    PO Box 1426
    Dubai, United Arab Emirates
    tel:+971(0)4 3918300 ext 249
    fax:+971(0)4 3918333
    mob:+971(0)505526539
    
    ------------------------------------------------------------- ---
            Visit our Internet site at http://www.reuters.com
    
    Any views expressed in this message are those of  the  individual
    sender,  except  where  the sender specifically states them to be
    the views of Reuters Ltd.
    
  2. Re: Postgres in bash-mode

    Karl DeBisschop <kdebisschop@range.infoplease.com> — 2002-01-13T11:41:06Z

    On Sun, 2002-01-13 at 01:20, Maarten.Boekhold@reuters.com wrote:
    > On 01/12/2002 06:03:44 PM Karl DeBisschop wrote:
    > > On Sat, 2002-01-12 at 03:32, David Terrell wrote:
    > > > On Thu, Jan 10, 2002 at 09:07:50AM +0100, Alexander Pucher wrote:
    > > > > I need to run a shell script that logs in to Postgresql, executes a
    > > > > query and logs off again.
    > 
    > > > > My problem is that I can't find a way to put the password in an 
    > 'psql'
    > > > > statement at the prompt.
    > 
    > > If you absolutely need to do something like this, look into expect.
    > 
    > Woul be useful if there's an example expect script for this somewhere in 
    > the distribution or documentation. Lots of people don't know expect, and 
    > don't want to learn it. They just want to automate database tasks.
    
    Before you forga ahead with expect, perhaps you als want to read the
    docs for pg_hba.conf.
    
    As I said, expect can be secure if uoy are careful (make sure noone else
    can read the scipt). But it's not alot of fun to maintain.
    
    There are other options. If you want to avoid admiin hassles, I'd
    suggest looking into ident on a close set of machines. If the machine in
    question is not close by, then try ssh to make them seem closer.
    
    Basically, you can trust identd if and only if you know that its your
    identd. But with identd, you can have a large number of scripts that
    continue to work after you change the password. (Note that you cannot
    use identd on the ub=nix socket).
    
    We are presently revamping our own security. If I had a good example of
    a system in a final state, I'd post it. I don't know, but maybe someone
    else can. Or maybe in a few weeks I'll post ours, if I can assure myself
    that disclosure won't reduce scurity (iff well designed, that should be
    the case, I think). 
    
    Karl
    
    
  3. Re: Postgres in bash-mode

    David Terrell <dbt@meat.net> — 2002-01-13T11:43:25Z

    On Sun, Jan 13, 2002 at 06:41:06AM -0500, Karl DeBisschop wrote:
    > Basically, you can trust identd if and only if you know that its your
    > identd. But with identd, you can have a large number of scripts that
    > continue to work after you change the password. (Note that you cannot
    > use identd on the ub=nix socket).
    > 
    > We are presently revamping our own security. If I had a good example of
    > a system in a final state, I'd post it. I don't know, but maybe someone
    > else can. Or maybe in a few weeks I'll post ours, if I can assure myself
    > that disclosure won't reduce scurity (iff well designed, that should be
    > the case, I think). 
    
    7.2 can run something like ident but better (guaranteed accurate) on 
    the unix socket on BSD and linux.
    
    -- 
    David Terrell            | "The fact that you can't name the place
    dbt@meat.net             | you're going to die doesn't mean you
    http://wwn.nebcorp.com/  | shouldn't pay attention to your health." -whg3
    
    
  4. Re: Postgres in bash-mode

    Karl DeBisschop <kdebisschop@range.infoplease.com> — 2002-01-13T11:50:48Z

    On Sun, 2002-01-13 at 06:43, David Terrell wrote:
    > On Sun, Jan 13, 2002 at 06:41:06AM -0500, Karl DeBisschop wrote:
    > > Basically, you can trust identd if and only if you know that its your
    > > identd. But with identd, you can have a large number of scripts that
    > > continue to work after you change the password. (Note that you cannot
    > > use identd on the ub=nix socket).
    > 
    > 7.2 can run something like ident but better (guaranteed accurate) on 
    > the unix socket on BSD and linux.
    
    
    That's cool. Looks like I just got my rationale for doing the 7.2
    upgrade sooner rather than later.
    
    --
    Karl