Re: Python access to macOS keychain

Nikhil,

A couple of problems. “Always allow” does not sound python pid specific. Are you saying that it is? If I just click “Allow”, I have to do the same for every defined connections even if the connection is not being used. As far as I know I don’t have any stored passwords. I think someone should seriously reconsider how this all works.

I cannot find any place to select “Do not store passwords” which would be fine for me.

Neil

> On Jan 1, 2024, at 4:23 AM, Nikhil Mohite <nikhil(dot)mohite(at)enterprisedb(dot)com> wrote:
>
> Hi Neil,
>
> pgAdmin uses a Keychain to store the pgAdmin server passwords if users opt for save password functionality. Keychain access is Python process-specific. Hence allowing keychain access to the python process requested by pgAdmin will be specific to this python pid. We are trying to add a pgAdmin name in the waring where it asks to allow keychain access.
>
>
> On Sun, Dec 24, 2023 at 10:12 PM Neil <neil(at)fairwindsoft(dot)com <mailto:neil(at)fairwindsoft(dot)com>> wrote:
>> When I start pgAdmin on macOS, I get a request to allow ‘Python' access to my keychain.
>>
>> Allowing ‘Python' unfettered access to my keychain is not acceptable. I would however, allow pgAdmin to access my keychain.
>>
>> I understand that pgAdmin is using python.
>>
>> Can someone explain or point to an explanation about the security implications of allowing ‘Python' to access my keychain?
>>
>> Is this really an unlimited authority for any Python process to access my keychain as the dialog implies?
>>
>> Thanks,
>> Neil
>>
>>
>>
> Thanks,
> Nikhil