SQL backend: Where do we store the password?
Geert Janssens
janssens-geert at telenet.be
Wed Jul 3 12:58:48 EDT 2013
On 02-07-13 20:53, Christian Stimming wrote:
> Dear Geert or John or whoever knows this,
>
> where does gnucash store the database password for MySQL or PostgreSQL
> backend? It stores the database name, host, and username directly in the URI,
> which is also visible in the file history. The URI (without the password) is
> also stored in gconf and can be observed there, as well in ~/.gnucash/books as
> a file name.
>
> But where is the password? It is obviously stored somewhere, because it will
> not be asked for next time, and when I change the database password
> separately, gnucash will no longer open the book. But where...?
>
> Take this question as a confirmation that this fact isn't documented well
> enough. At least I didn't find anything in the wiki or in the source code.
>
> Regards,
>
> Christian
> _______________________________________________
> gnucash-devel mailing list
> gnucash-devel at gnucash.org
> https://lists.gnucash.org/mailman/listinfo/gnucash-devel
On platforms that have a system wide pasword manager, the password is
stored in there. On linux systems, the gnome keyring is used. On OS X,
Apple's keychain is used. On Windows I couldn't find any system wide
password manager so there the password is not stored at all.
The functions that handle storing and retrieving the passwords are in
src/gnome-utils/gnc-keyring.[ch]
They have proper doxygen descriptions which can be found here:
http://svn.gnucash.org/docs/HEAD/group__GUIUtility.html
Probably the choice of doxygen group is not too good and makes it harder
to find these.
GnuCash attempts to read the password from the keychain when a user
attempts to open a database backed book and didn't specify a password.
This happens in
src/gnome-utils/gnc-file.c:675
If no keychain is available or no password could be retrieved from it,
the user is presented with a password prompt.
GnuCash attempts to store/update a password near the end of a open or
save as post processing step. This is after the database calls to load
or save the db were verified to be successful. This happens in
src/gnome-utils/gnc-file.c:856 and
src/gnome-utils/gnc-file.c:1481
This allows the user to open the database again in the future with the
same password automatically. Until now that was in line with our
security policy, but if you intend to protect the db with a password, it
obviously shouldn't be stored by default. Instead I think this should be
an option in the save/open dialogs.
Does this help ?
Geert
More information about the gnucash-devel
mailing list