MSSQLSPATIAL: Get UID and PWD from environment variable #6797
Conversation
ninsbl
changed the title
| @@ -690,6 +690,9 @@ int OGRMSSQLSpatialDataSource::Open( const char * pszNewName, bool bUpdate, | |||
| char* pszGeometryFormat = nullptr; | |||
| char* pszConnectionName = CPLStrdup(pszNewName + 6); | |||
| char* pszDriver = nullptr; | |||
| char* pszUID = nullptr; | |||
There was a problem hiding this comment.
those variables should also be free'd towards the end of the method
| nCurrent, nNext, nTerm, FALSE)) | ||
| continue; | ||
|
|
||
| if (ParseValue(&pszTrustedConnection, pszConnectionName, "trustedconnection=", |
There was a problem hiding this comment.
pszTrustedConnection not used currently
There was a problem hiding this comment.
Originally, I planned not to query UID and PWD if TrustedConnection is specified in the connection string. But then I thought, that if env variables are set, that has been deliberate too. So, if UID and PWD are defined in the environment variables, it may be safe to add it anyway.
Alternatively, the block where UID and PWD are injected in the connection string can be only executed only if the connection string dies not contain TrustedConnection... Let me know what you prefer...
There was a problem hiding this comment.
Let me know what you prefer...
no idea. I'm not familiar at all with MSSQLSpatial authentication. But I don't really understand your comment: I don't see anything in the code (latest version) that tests for "trustedconnection".
There was a problem hiding this comment.
Sorry for not being clear. yes, with the latest commit I removed the check trusted_connection. In the comment I just wanted to clarify, why I added it at first...
I am no MS SQL expert either. A second look at the authentication documentation tells me, that trusted_connection can also be stored in the odbc.ini as part of the DSN. So it will not be part of the connection string.
Therefore, I think the current implementation that does not check for that keyword is appropriate. If a user creates the MSSQLSPATIAL_UID and MSSQLSPATIAL_PWD environment variables, they are used and get priority over trusted_connection.
A bit more clarification in the docs can be useful. Will have a look at that...
|
CC @szekerest |
| through username (**UID**) and password (**PWD**). As providing username | ||
| and password on the commandline can be a security issue, login credentials | ||
| can also be more securely stored in user defined environment variables | ||
| *MSSQLSPATIAL_UID* and *MSSQLSPATIAL_PWD*. |
There was a problem hiding this comment.
I'd suggest to use GDAL-specific names GDAL_MSSQLSPATIAL_UID and GDAL_MSSQLSPATIAL_PWD
There was a problem hiding this comment.
Well, existing config options https://gdal.org/drivers/vector/mssqlspatial.html#configuration-options all starts with MSSQLSPATIAL_, so better keep with that scheme
There was a problem hiding this comment.
The docs call these two environment variables, but I guess they are not distinguished from config options
There was a problem hiding this comment.
they are queried with CPLGetConfigOption(), so can be set through env. variable or config options
There was a problem hiding this comment.
I` ll go with whatever name for the variables you prefer...
Co-authored-by: Even Rouault <even.rouault@spatialys.com>
Co-authored-by: Even Rouault <even.rouault@spatialys.com>
|
|
||
| export MSSQLSPATIAL_UID=user | ||
| export MSSQLSPATIAL_PWD=pwd | ||
| ogrinfo -al MSSQL:server=.\MSSQLSERVER2008;database=geodb;trusted_connection=no |
There was a problem hiding this comment.
is is trusted_connection or trustedconnection ? There's a mix of boths in your PR
There was a problem hiding this comment.
Thanks for pointing that out. It should be trusted_connection. Will double check and fix accordingly.
|
I just tested the code in this PR with an internal MS SQL Server and can confirm that it works as expected. The authentication documentation for the driver could be improved. The challenge however is, that authentication is handled differently for different OS (MS Windows vs. unix like systems), and different drivers. On MS Windows, neither driver nor authentication method needs to be provided, internal ones are used by default. And no odbc.ini is needed at all. On Linux, the FreeTDS driver for example uses the ServerName keyword, if no DSN is used that is defined in a odbc.ini, while the ODBC driver from Microsoft uses the server keyword. If you consider such detailed documentation useful, I can add some sentences to the docs. Otherwise, I would limit documentation changes to the added functionality... |
I'd say just finalize this PR with its current scope, which should be just a matter of integrating the proposed change I made regarding TrustedConnection -> trusted_connection. |
Co-authored-by: Even Rouault <even.rouault@spatialys.com>
ninsbl
changed the title
Fine with me. I just committed the proposed change. Do you see any chance to backport this? It is minor, yet security related change... |
MS SQL supports only two authentication modes:
TrustedConnectionor username and password given asUIDandPWDin the connection string.If
TrustedConnectionis not avaialable, login credentials can be exposed to other users when command line tools (ogrinfo or ogr2ogr) are used.A somewhat more secure way to handle login information, is to store it in environment variables.
What does this PR do?
This PR allows the
MSSQLSPATIALdriver to fetchUIDandPWDfrom environment variablesMSSQLSPATIAL_UIDandMSSQLSPATIAL_PWD, if no other authentication information is provided. That wayUIDandPWDdo not have to be provided on the command line.Tasklist
Environment