From: Federico Caselli Date: Mon, 7 Jun 2021 19:14:05 +0000 (+0200) Subject: Add note regarding encryption-related pragmas X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b3adbdd831a0bd442ee4ca7ceb79229dffd348b0;p=thirdparty%2Fsqlalchemy%2Fsqlalchemy.git Add note regarding encryption-related pragmas passed in the url in pysqlcipher. Fixes: #6589 Change-Id: I86f93f84ef2bd374c4832a70e26e4901d024ed4b (cherry picked from commit 170b97fa45342622b476df3a89bcd3154056ce65) --- diff --git a/doc/build/changelog/unreleased_13/6589.rst b/doc/build/changelog/unreleased_13/6589.rst new file mode 100644 index 0000000000..7d7530e967 --- /dev/null +++ b/doc/build/changelog/unreleased_13/6589.rst @@ -0,0 +1,6 @@ +.. change:: + :tags: bug, pysqlcipher + :tickets: 6589 + :versions: 1.4.18 + + Add note regarding encryption-related pragmas passed in the url. diff --git a/lib/sqlalchemy/dialects/sqlite/pysqlcipher.py b/lib/sqlalchemy/dialects/sqlite/pysqlcipher.py index 115b2f6553..7f6dd83774 100644 --- a/lib/sqlalchemy/dialects/sqlite/pysqlcipher.py +++ b/lib/sqlalchemy/dialects/sqlite/pysqlcipher.py @@ -49,13 +49,15 @@ database name:: e = create_engine('sqlite+pysqlcipher://:testing@//path/to/foo.db') -A selection of additional encryption-related pragmas supported by SQLCipher -as documented at https://www.zetetic.net/sqlcipher/sqlcipher-api/ can be passed -in the query string, and will result in that PRAGMA being called for each -new connection. Currently, ``cipher``, ``kdf_iter`` -``cipher_page_size`` and ``cipher_use_hmac`` are supported:: +Additional encryption-related pragmas must be executed manually, +using the ``first_connect`` pool event. A selection of the pragmas supported +by SQLCipher is documented at +https://www.zetetic.net/sqlcipher/sqlcipher-api/. - e = create_engine('sqlite+pysqlcipher://:testing@/foo.db?cipher=aes-256-cfb&kdf_iter=64000') +.. warning:: Previously the documentation wrongly stated that these + pragma could be passed in the url string. This has never worked + for the 1.3 series of sqlalchemy. The 1.4 series adds proper + support for them when passed in the url string. Pooling Behavior @@ -88,8 +90,6 @@ from ...engine import url as _url class SQLiteDialect_pysqlcipher(SQLiteDialect_pysqlite): driver = "pysqlcipher" - pragmas = ("kdf_iter", "cipher", "cipher_page_size", "cipher_use_hmac") - @classmethod def dbapi(cls): try: @@ -108,15 +108,10 @@ class SQLiteDialect_pysqlcipher(SQLiteDialect_pysqlite): def connect(self, *cargs, **cparams): passphrase = cparams.pop("passphrase", "") - pragmas = dict((key, cparams.pop(key, None)) for key in self.pragmas) - conn = super(SQLiteDialect_pysqlcipher, self).connect( *cargs, **cparams ) conn.execute('pragma key="%s"' % passphrase) - for prag, value in pragmas.items(): - if value is not None: - conn.execute('pragma %s="%s"' % (prag, value)) return conn