-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSSQLSPATIAL: Get UID and PWD from environment variable #6797
Conversation
@@ -690,6 +690,9 @@ int OGRMSSQLSpatialDataSource::Open( const char * pszNewName, bool bUpdate, | |||
char* pszGeometryFormat = nullptr; | |||
char* pszConnectionName = CPLStrdup(pszNewName + 6); | |||
char* pszDriver = nullptr; | |||
char* pszUID = nullptr; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
those variables should also be free'd towards the end of the method
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See: 2db0d53
nCurrent, nNext, nTerm, FALSE)) | ||
continue; | ||
|
||
if (ParseValue(&pszTrustedConnection, pszConnectionName, "trustedconnection=", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pszTrustedConnection not used currently
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Originally, I planned not to query UID
and PWD
if TrustedConnection
is specified in the connection string. But then I thought, that if env variables are set, that has been deliberate too. So, if UID and PWD are defined in the environment variables, it may be safe to add it anyway.
Alternatively, the block where UID and PWD are injected in the connection string can be only executed only if the connection string dies not contain TrustedConnection
... Let me know what you prefer...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me know what you prefer...
no idea. I'm not familiar at all with MSSQLSpatial authentication. But I don't really understand your comment: I don't see anything in the code (latest version) that tests for "trustedconnection".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for not being clear. yes, with the latest commit I removed the check trusted_connection. In the comment I just wanted to clarify, why I added it at first...
I am no MS SQL expert either. A second look at the authentication documentation tells me, that trusted_connection can also be stored in the odbc.ini as part of the DSN. So it will not be part of the connection string.
Therefore, I think the current implementation that does not check for that keyword is appropriate. If a user creates the MSSQLSPATIAL_UID and MSSQLSPATIAL_PWD environment variables, they are used and get priority over trusted_connection.
A bit more clarification in the docs can be useful. Will have a look at that...
CC @szekerest |
through username (**UID**) and password (**PWD**). As providing username | ||
and password on the commandline can be a security issue, login credentials | ||
can also be more securely stored in user defined environment variables | ||
*MSSQLSPATIAL_UID* and *MSSQLSPATIAL_PWD*. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest to use GDAL-specific names GDAL_MSSQLSPATIAL_UID
and GDAL_MSSQLSPATIAL_PWD
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, existing config options https://gdal.org/drivers/vector/mssqlspatial.html#configuration-options all starts with MSSQLSPATIAL_
, so better keep with that scheme
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The docs call these two environment variables, but I guess they are not distinguished from config options
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
they are queried with CPLGetConfigOption(), so can be set through env. variable or config options
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I` ll go with whatever name for the variables you prefer...
Co-authored-by: Even Rouault <even.rouault@spatialys.com>
Co-authored-by: Even Rouault <even.rouault@spatialys.com>
|
||
export MSSQLSPATIAL_UID=user | ||
export MSSQLSPATIAL_PWD=pwd | ||
ogrinfo -al MSSQL:server=.\MSSQLSERVER2008;database=geodb;trusted_connection=no |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is is trusted_connection or trustedconnection ? There's a mix of boths in your PR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for pointing that out. It should be trusted_connection. Will double check and fix accordingly.
I just tested the code in this PR with an internal MS SQL Server and can confirm that it works as expected. The authentication documentation for the driver could be improved. The challenge however is, that authentication is handled differently for different OS (MS Windows vs. unix like systems), and different drivers. On MS Windows, neither driver nor authentication method needs to be provided, internal ones are used by default. And no odbc.ini is needed at all. On Linux, the FreeTDS driver for example uses the ServerName keyword, if no DSN is used that is defined in a odbc.ini, while the ODBC driver from Microsoft uses the server keyword. If you consider such detailed documentation useful, I can add some sentences to the docs. Otherwise, I would limit documentation changes to the added functionality... |
I'd say just finalize this PR with its current scope, which should be just a matter of integrating the proposed change I made regarding TrustedConnection -> trusted_connection. |
Co-authored-by: Even Rouault <even.rouault@spatialys.com>
Fine with me. I just committed the proposed change. Do you see any chance to backport this? It is minor, yet security related change... |
MS SQL supports only two authentication modes:
TrustedConnection
or username and password given asUID
andPWD
in the connection string.If
TrustedConnection
is not avaialable, login credentials can be exposed to other users when command line tools (ogrinfo or ogr2ogr) are used.A somewhat more secure way to handle login information, is to store it in environment variables.
What does this PR do?
This PR allows the
MSSQLSPATIAL
driver to fetchUID
andPWD
from environment variablesMSSQLSPATIAL_UID
andMSSQLSPATIAL_PWD
, if no other authentication information is provided. That wayUID
andPWD
do not have to be provided on the command line.Tasklist
Environment