Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prompt for userId and password in commandline mode #724

Closed
sachin-walia opened this issue Mar 29, 2014 · 14 comments
Closed

Prompt for userId and password in commandline mode #724

sachin-walia opened this issue Mar 29, 2014 · 14 comments

Comments

@sachin-walia
Copy link

@sachin-walia sachin-walia commented Mar 29, 2014

I think it is difficult to implement userId and password encryption in flyway.conf file without making other compromises such as exposing encryption keys. How about if in commandline mode flyway prompts user for database credentials? That would still be very secure compared to storing in clear text in conf file.

@axelfontaine
Copy link
Contributor

@axelfontaine axelfontaine commented Mar 30, 2014

Thank you for your suggestion. You can always pass these in with -user=xzy -password=blablabla with dmeans there is no need to hardcode these in files.

I don't want to go beyond this. Won't fix.

@akhudek
Copy link

@akhudek akhudek commented Nov 1, 2014

The command line arguments are not secure as they can be captured by things such as shell history and other accounting tools. This is a serious issue.

@axelfontaine
Copy link
Contributor

@axelfontaine axelfontaine commented Nov 1, 2014

@akhudek You can put them in a config file to eliminate this issue.

@akhudek
Copy link

@akhudek akhudek commented Nov 1, 2014

Unfortunately we need to operate in some environments where we cannot store cleartext passwords in files due to regulations. We'll probably resort to building our own command line client wrapper to get around this problem. It would certainly be helpful to have an option to prompt for a password in the distributed command line client though.

@axelfontaine
Copy link
Contributor

@axelfontaine axelfontaine commented Nov 1, 2014

Fair point. Reopening.

@PredatorVI
Copy link

@PredatorVI PredatorVI commented Jul 8, 2015

Pull request for fix submitted. I'm new to the GitHub process. Hopefully it gets accepted and released soon.

axelfontaine added a commit to flyway/flywaydb.org that referenced this issue Oct 2, 2015
@axelfontaine
Copy link
Contributor

@axelfontaine axelfontaine commented Oct 2, 2015

This has now been fixed. Prompting will happen automatically if either user or password have not been supplied via any other means.

Cheers
Axel

@smanoharaw
Copy link

@smanoharaw smanoharaw commented Dec 11, 2015

Hi axelfontaine,
I love the product. I tested it yesterday on my Oracle db. very easy to use. But I really need the passwordPrompt functionality? Where can I get the flyway version with this? Or, if I could get the code I can create the jar file? Please let me know how to go about this. We are going live in a month or so.
Thanks

@ghost
Copy link

@ghost ghost commented Mar 13, 2016

Hello,
I'm using version 4.0 and didn't supply a password but not getting prompted. Anything I'm doing wrong here?

flyway.conf
#flyway.password=

[szxnyc@orbiter scripts]$ flyway info
Flyway 4.0 by Boxfuse

ERROR: Unable to obtain Jdbc connection from DataSource (jdbc:mysql://localhost:3306/mydb) for user 'devuser': Could not connect: Access denied for user 'devuser'@'localhost' (using password: NO)
@PredatorVI
Copy link

@PredatorVI PredatorVI commented Mar 14, 2016

I downloaded the latest client as well and verified this is not working. I pulled the latest code in order to debug it but can't seem to build it due to missing dependencies:

Building flyway-core:
Failed to execute goal on project flyway-core: Could not resolve dependencies for project org.flywaydb:flyway-core:jar:0-SNAPSHOT: The following artifacts could not be resolved: sqlline:sqlline:jar:1.1.8, com.sap.db.jdbc:ngdbc:jar:1.103.0: Failure to find sqlline:sqlline:jar:1.1.8 in mynexus

The only version of sqlline available in maven central is version 1.1.9.

Building flyway-commandline:
The following artifacts could not be resolved: com.oracle:server-jre:tar.gz:windows-x64:8.74, com.oracle:server-jre:tar.gz:linux-x64:8.74, com.oracle:jre:tar.gz:macosx-x64:8.74: Could not find artifact com.oracle:server-jre:tar.gz:windows-x64:8.74 in mynexus.
If I need to install custom maven artifacts there doesn't seem to be any instructions on what is needed or where to get it.

If it takes another 9 months to get a release with this in it, I'm going to be very frustrated.

@smanoharaw
Copy link

@smanoharaw smanoharaw commented Mar 14, 2016

I moved to liquibase since this feature is not working in flyway.

Thanks,

Sadhana

From: Steven Zgaljic [mailto:notifications@github.com]
Sent: Sunday, March 13, 2016 5:35 PM
To: flyway/flyway
Cc: Sadhana Manohar
Subject: Re: [flyway] Prompt for userId and password in commandline mode (#724)

Hello,
I'm using version 4.0 and didn't supply a password but not getting prompted. Anything I'm doing wrong here?

flyway.conf
#flyway.password=

[szxnyc@orbiter scripts]$ flyway info
Flyway 4.0 by Boxfuse

ERROR: Unable to obtain Jdbc connection from DataSource (jdbc:mysql://localhost:3306/mydb) for user 'devuser': Could not connect: Access denied for user 'devuser'@'localhost' (using password: NO)


Reply to this email directly or view it on GitHub #724 (comment) .Image removed by sender.

@axelfontaine
Copy link
Contributor

@axelfontaine axelfontaine commented Mar 14, 2016

Build instructions are available here: https://flywaydb.org/documentation/contribute/code/setup and here https://flywaydb.org/documentation/contribute/code/database

You can avoid all those DB-specific dependencies by using -DskipTests

@PredatorVI
Copy link

@PredatorVI PredatorVI commented Mar 14, 2016

@axelfontaine Thanks for the fix. When might we see an official release build?

Also for the sake of trying to get this thing to build, it still tries to build tests and fails finding sqlline.

Per https://maven.apache.org/surefire/maven-surefire-plugin/examples/skipping-test.html, -DskipTests only skips execution, not compile. I tried both -DskipTests and -Dmaven.test.skip=true with no change in the compile error.

So, it still seems to have a non-test dependency that requires sqlline:sqlline:1.1.8 (which is no longer available in Maven Central). I've included abbreviated output below of each command:

C:\Flyway> mvn -version

Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T09:41:4
7-07:00)
Maven home: C:\Dropbox\Tools\apache-maven-3.3.9\bin..
Java version: 1.8.0_74, vendor: Oracle Corporation
Java home: C:\Program Files\Java\jdk1.8.0_74\jre
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 7", version: "6.1", arch: "amd64", family: "dos"

C:\Flyway> mvn install -P-InstallableDBTest -P-CommercialDBTest

[INFO] Scanning for projects...
...
[INFO] ------------------------------------------------------------------------
[INFO] Building flyway-core 0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[WARNING] The POM for sqlline:sqlline:jar:1.1.8 is missing, no dependency inform
ation available
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 4.643 s
[INFO] Finished at: 2016-03-14T11:33:19-06:00
[INFO] Final Memory: 23M/435M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project flyway-core: Could not resolve depende
ncies for project org.flywaydb:flyway-core:jar:0-SNAPSHOT: Failure to find sqlli
ne:sqlline:jar:1.1.8 in nexus
...

C:\Flyway> mvn clean compile -DskipTests -Dmaven.test.skip=true

[INFO] Scanning for projects...
...
[INFO] ------------------------------------------------------------------------
[INFO] Building flyway-core 0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[WARNING] The POM for sqlline:sqlline:jar:1.1.8 is missing, no dependency inform
ation available
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.000 s
[INFO] Finished at: 2016-03-14T11:20:34-06:00
[INFO] Final Memory: 18M/304M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project flyway-core: Could not resolve depende
ncies for project org.flywaydb:flyway-core:jar:0-SNAPSHOT: Failure to find sqlli
ne:sqlline:jar:1.1.8 in nexus
...

@grobmeier
Copy link

@grobmeier grobmeier commented Apr 11, 2016

@PredatorVI I made the build work with running this command:

mvn install -P-InstallableDBTest -P-CommercialDBTest -P-CommandlinePlatformAssemblies -DskipTests=true

The first part I got from the docs:
https://flywaydb.org/documentation/contribute/code/database

The second part is from the CLI maven pom:
https://github.com/flyway/flyway/blob/master/flyway-commandline/pom.xml#L10

And I can confirm the issue is gone for me (mysql)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants