I use jasperstarter to access a PostgreSQL database. AFAIS the only way to access the database is to give the password on the commandline with the -p option. This is not common in other tools and may lead to security breaches. The password can be seen by other processes on the same machine in "/proc/xxxx/cmdline" and it may be written to the bash history.
Other tools allow to have a separate file for the password store. After thinking about it (and after reading https://sourceforge.net/p/jasperstarter/discussion/general/thread/7145360df8/ ) my idea is that a wayx to read an jasperstudio connection.xml file would be the best solution. Reading the psql standard file "~/.pgpass" may also be an idea. Or one does an separate file and we need an option to use it.
What do you think?
PS: Hi, Volker! Did not see you for a long time. I was happy to see jasperstarter. It is a great work! Thanks for doing it.
Hi Thomas,
sorry for late answer. It seems that the notification email went into spam...
you can use
http://jasperstarter.cenote.de/usage.html#Command_files
Don't know why I did not mention it in the forum...
I did not take a look at that connection.xml till now. Is there any benefit compared too the command file. (the command file is a feature of the parser library used by JasperStarter https://argparse4j.github.io/usage.html#fromfileprefix).
Storing passwords in files has always a bad taste...
Database connections are unencrypted, so hiding the password of the configuration solves only half of the problem
Any help is always welcome
Best Regards
Volker