#84 password column name in configuration

closed-rejected
nobody
Database (4)
1
2010-04-08
2010-01-04
Gabriel Serme
No

Sometimes you may want to have multiple columns in your database to store your password, or simply have a different name than "password". The problem is that the column name is hard written in source code.

This patch gives you the possibility to change the database password column name for USERS ONLY from the configuration file. Postfixadmin's column password remains "password".

The new config name is : "database_password_column_name", and impacted files are config.inc.php and model/UserHandler.php

Greetings for this new year,
Gabriel

Discussion

  • Gabriel Serme
    Gabriel Serme
    2010-01-04

    password column name in configuration file

     
  • Can you please describe _why_ the additional or renamed password column is useful? At the moment I don't see the advantage. OTOH your patch would make upgrades harder because database changes would be applied to the wrong column etc.

    I'm not totally against merging this patch, but I'd like to know your usecase and reason first. (Maybe we find another solution for your problem, which would be the better way IMHO.)

     
  • Gabriel Serme
    Gabriel Serme
    2010-01-05

    Hi,

    when I created this patch, it was more for information than for mergin request ;)

    In fact, I wrote it because I was unable to change the database password column name in postfixadmin. And I made change recently to my postfix/courier configuration from passwords stored in column named "password" to column named "passcrypt".

    Doing this, I break compatibility with postfixadmin, and for historical reasons I want to keep my column "password". So, to make converge all my authentication in a same place, I modify postfixadmin.

    Also, modifying postfixadmin files directly wasn't a good optoin for me, so I added the property "database_password_column_name".

    If you have another solution, let me know. And thx for your reply.

    Gabriel

     
  • Well, my solution would be to ignore the historical reasons and just use the 'password' column ;-)

    That said: If you are fine with having the same content in the 'password' and 'passcyrpt' column, you can add triggers in your database that update the 'passcrypt' column whenever 'password' is changed. Both MySQL and PostgreSQL support this. Or you can add a view that renames the column at access time (SELECT username, password as passcrypt, ...).

    BTW: Your patch is incomplete - you'll also have to modify create-mailbox.php and edit-mailbox.php that are used in admin mode...

     
    • priority: 5 --> 1
     
  • Gabriel Serme
    Gabriel Serme
    2010-01-05

    No problem, I understand your point and solutions you give are enough to motivate not applying the patch.

    thanks for both create-mailbox and edit-mailbox. I'll fix it on my version.

     
  • GingerDog
    GingerDog
    2010-03-24

    I can see your reasoning for wanting to do this - but I'm a bit wary about merging this patch as it's use is to allow postfixadmin to work with another database schema - if this were the case, then obviously you've got issues with respect to other fields changing (e.g. username)....

    So I'm not sure it should be accepted. Sorry.

     
  • GingerDog
    GingerDog
    2010-03-24

    • status: open --> pending-rejected
     
  • This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
    • status: pending-rejected --> closed-rejected