SQL backend: Where do we store the password?

Geert Janssens janssens-geert at telenet.be
Wed Jul 3 12:58:48 EDT 2013


On 02-07-13 20:53, Christian Stimming wrote:
> Dear Geert or John or whoever knows this,
>
> where does gnucash store the database password for MySQL or PostgreSQL
> backend? It stores the database name, host, and username directly in the URI,
> which is also visible in the file history. The URI (without the password) is
> also stored in gconf and can be observed there, as well in ~/.gnucash/books as
> a file name.
>
> But where is the password? It is obviously stored somewhere, because it will
> not be asked for next time, and when I change the database password
> separately, gnucash will no longer open the book. But where...?
>
> Take this question as a confirmation that this fact isn't documented well
> enough. At least I didn't find anything in the wiki or in the source code.
>
> Regards,
>
> Christian
> _______________________________________________
> gnucash-devel mailing list
> gnucash-devel at gnucash.org
> https://lists.gnucash.org/mailman/listinfo/gnucash-devel
On platforms that have a system wide pasword manager, the password is 
stored in there. On linux systems, the gnome keyring is used. On OS X, 
Apple's keychain is used. On Windows I couldn't find any system wide 
password manager so there the password is not stored at all.

The functions that handle storing and retrieving the passwords are in
src/gnome-utils/gnc-keyring.[ch]
They have proper doxygen descriptions which can be found here:
http://svn.gnucash.org/docs/HEAD/group__GUIUtility.html

Probably the choice of doxygen group is not too good and makes it harder 
to find these.

GnuCash attempts to read the password from the keychain when a user 
attempts to open a database backed book and didn't specify a password. 
This happens in
src/gnome-utils/gnc-file.c:675

If no keychain is available or no password could be retrieved from it, 
the user is presented with a password prompt.

GnuCash attempts to store/update a password near the end of a open or 
save as post processing step. This is after the database calls to load 
or save the db were verified to be successful. This happens in
src/gnome-utils/gnc-file.c:856 and
src/gnome-utils/gnc-file.c:1481

This allows the user to open the database again in the future with the 
same password automatically. Until now that was in line with our 
security policy, but if you intend to protect the db with a password, it 
obviously shouldn't be stored by default. Instead I think this should be 
an option in the save/open dialogs.

Does this help ?

Geert



More information about the gnucash-devel mailing list