Skip to content

Safe postgres jdbc#134

Draft
ostinru wants to merge 5 commits into
mainfrom
safe-postgres-jdbc
Draft

Safe postgres jdbc#134
ostinru wants to merge 5 commits into
mainfrom
safe-postgres-jdbc

Conversation

@ostinru

@ostinru ostinru commented Jul 17, 2026

Copy link
Copy Markdown
Collaborator

Prevent pxf-jdbc from reading .gppass. It may not be obvious for database admins (and it is not documented). Recommended way - is to store password in jdbc-site.xml

Artem3213212 and others added 4 commits July 17, 2026 16:38
* hide .pgpass values
`java.net.URI` is not proper tool to parse JDBC connections strings:
* it fails to parse schemas that contains ':'. For example, `jdbc:postgres://` and `jdbc:sqlserver://` will fail to parse.
* Also it won't work with mircosoft jdbc that doesn't use `?` as separator between hostname and query parameters[1]. For example, in jdbcUrl `jdbc:sqlserver://localhost:1433;databaseName=db1;user=admin` it will not extract `user` field.

**Solution**: Use `Driver.parseURL` for postgresql and do not check other drivers.

[1] https://learn.microsoft.com/en-us/sql/connect/jdbc/using-the-jdbc-driver?view=sql-server-ver17#make-a-simple-connection-to-a-database
@ostinru

ostinru commented Jul 17, 2026

Copy link
Copy Markdown
Collaborator Author

I figured out one example when users don't need password specified - when pg_hba on target PostgreSQL is configured to trust user. However I don't think that this is production configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants