From: | FWS Neil <neil(at)fairwindsoft(dot)com> |
---|---|
To: | Nikhil Mohite <nikhil(dot)mohite(at)enterprisedb(dot)com> |
Cc: | pgadmin-support(at)postgresql(dot)org |
Subject: | Re: Python access to macOS keychain |
Date: | 2024-01-02 18:36:21 |
Message-ID: | 158C0CCC-1898-4DC3-942C-A8E6AB869E57@fairwindsoft.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-support |
Nikhil,
A couple of problems. “Always allow” does not sound python pid specific. Are you saying that it is? If I just click “Allow”, I have to do the same for every defined connections even if the connection is not being used. As far as I know I don’t have any stored passwords. I think someone should seriously reconsider how this all works.
I cannot find any place to select “Do not store passwords” which would be fine for me.
Neil
> On Jan 1, 2024, at 4:23 AM, Nikhil Mohite <nikhil(dot)mohite(at)enterprisedb(dot)com> wrote:
>
> Hi Neil,
>
> pgAdmin uses a Keychain to store the pgAdmin server passwords if users opt for save password functionality. Keychain access is Python process-specific. Hence allowing keychain access to the python process requested by pgAdmin will be specific to this python pid. We are trying to add a pgAdmin name in the waring where it asks to allow keychain access.
>
>
> On Sun, Dec 24, 2023 at 10:12 PM Neil <neil(at)fairwindsoft(dot)com <mailto:neil(at)fairwindsoft(dot)com>> wrote:
>> When I start pgAdmin on macOS, I get a request to allow ‘Python' access to my keychain.
>>
>> Allowing ‘Python' unfettered access to my keychain is not acceptable. I would however, allow pgAdmin to access my keychain.
>>
>> I understand that pgAdmin is using python.
>>
>> Can someone explain or point to an explanation about the security implications of allowing ‘Python' to access my keychain?
>>
>> Is this really an unlimited authority for any Python process to access my keychain as the dialog implies?
>>
>> Thanks,
>> Neil
>>
>>
>>
> Thanks,
> Nikhil
From | Date | Subject | |
---|---|---|---|
Next Message | Aditya Toshniwal | 2024-01-03 12:20:04 | Re: Python access to macOS keychain |
Previous Message | Jose M Barreiro | 2024-01-02 12:52:45 | Re: pgadmin and keycloak |