]> git.ipfire.org Git - thirdparty/sqlalchemy/sqlalchemy.git/commitdiff
Add note regarding encryption-related pragmas
authorFederico Caselli <cfederico87@gmail.com>
Mon, 7 Jun 2021 19:14:05 +0000 (21:14 +0200)
committerFederico Caselli <cfederico87@gmail.com>
Mon, 7 Jun 2021 19:34:22 +0000 (21:34 +0200)
passed in the url in pysqlcipher.

Fixes: #6589
Change-Id: I86f93f84ef2bd374c4832a70e26e4901d024ed4b
(cherry picked from commit 170b97fa45342622b476df3a89bcd3154056ce65)

doc/build/changelog/unreleased_13/6589.rst [new file with mode: 0644]
lib/sqlalchemy/dialects/sqlite/pysqlcipher.py

diff --git a/doc/build/changelog/unreleased_13/6589.rst b/doc/build/changelog/unreleased_13/6589.rst
new file mode 100644 (file)
index 0000000..7d7530e
--- /dev/null
@@ -0,0 +1,6 @@
+.. change::
+    :tags: bug, pysqlcipher
+    :tickets: 6589
+    :versions: 1.4.18
+
+    Add note regarding encryption-related pragmas passed in the url.
index 115b2f6553831b9408ebbca0658bef5ff5be5373..7f6dd83774d6db9bacf93eb81956e494f414341f 100644 (file)
@@ -49,13 +49,15 @@ database name::
 
     e = create_engine('sqlite+pysqlcipher://:testing@//path/to/foo.db')
 
-A selection of additional encryption-related pragmas supported by SQLCipher
-as documented at https://www.zetetic.net/sqlcipher/sqlcipher-api/ can be passed
-in the query string, and will result in that PRAGMA being called for each
-new connection.  Currently, ``cipher``, ``kdf_iter``
-``cipher_page_size`` and ``cipher_use_hmac`` are supported::
+Additional encryption-related pragmas must be executed manually,
+using the ``first_connect`` pool event. A selection of the pragmas supported
+by SQLCipher is documented at
+https://www.zetetic.net/sqlcipher/sqlcipher-api/.
 
-    e = create_engine('sqlite+pysqlcipher://:testing@/foo.db?cipher=aes-256-cfb&kdf_iter=64000')
+.. warning:: Previously the documentation wrongly stated that these
+   pragma could be passed in the url string. This has never worked
+   for the 1.3 series of sqlalchemy. The 1.4 series adds proper
+   support for them when passed in the url string.
 
 
 Pooling Behavior
@@ -88,8 +90,6 @@ from ...engine import url as _url
 class SQLiteDialect_pysqlcipher(SQLiteDialect_pysqlite):
     driver = "pysqlcipher"
 
-    pragmas = ("kdf_iter", "cipher", "cipher_page_size", "cipher_use_hmac")
-
     @classmethod
     def dbapi(cls):
         try:
@@ -108,15 +108,10 @@ class SQLiteDialect_pysqlcipher(SQLiteDialect_pysqlite):
     def connect(self, *cargs, **cparams):
         passphrase = cparams.pop("passphrase", "")
 
-        pragmas = dict((key, cparams.pop(key, None)) for key in self.pragmas)
-
         conn = super(SQLiteDialect_pysqlcipher, self).connect(
             *cargs, **cparams
         )
         conn.execute('pragma key="%s"' % passphrase)
-        for prag, value in pragmas.items():
-            if value is not None:
-                conn.execute('pragma %s="%s"' % (prag, value))
 
         return conn