[gdal-dev] MSSQL ODBC and password security
Stefan Blumentrath
Stefan.Blumentrath at gmx.de
Fri Nov 25 07:11:52 PST 2022
Hi again,
I saw that my previous email (below) got mangled after my web-mailer newly defaults to HTML format.
Following up, I want to let you know that I now opened a PR:
https://github.com/OSGeo/gdal/pull/6797
in order to address the issue I encountered with login credentials on the command line, when connecting to MS SQL without TrustedConnection.
I am no C++ dev, so any feedback would be greatly appreciated. On my dev setup I currently have no access to MS SQL, so I have not tested the logic yet, but plan to do so early next week.
Feedback, on the principle implementation, obvious coding mistakes or documentation and the like can be addressed also before...
Kind regards, and thanks for keeping GDAL great!
Stefan
Gesendet: Montag, 21. November 2022 um 15:26 Uhr
Von: "Stefan Blumentrath" <Stefan.Blumentrath at gmx.de>
An: gdal-dev at lists.osgeo.org
Betreff: [gdal-dev] MSSQL ODBC and password security
Hi,
recently I have been struggling with secure handling of my username and password in ODBC connections to MS SQL when using GDAL/OGR.
>From my understanding, username and password are not read from odbc.ini files, so I cannot specify a DSN where username and password are predefined in that file...
So, the only alternatives are
a) using trusted connctions and kerberos or
b) provide username and password in the connection string.
Unfortunately, a) is not available to me. While a file name with username and password is not ideal, providing username and password on the commandline seems worse, as it leaks many places.
I guess not reading username and password from odbc.ini is a limitation that originates from unixODBC / FreeTDS.
However, it would be great to avoid providing password on the command line in GDAL.
If could use environment variables or a passwordfile (like .pgpass with PostgreSQL) that would be great.
My question is, did I overlook an option to securly handle login info in MSSQL ODBC connections in GDAL?
Cheers
Stefan
_______________________________________________ gdal-dev mailing list gdal-dev at lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/gdal-dev
More information about the gdal-dev
mailing list