| From: | Dave Page <dpage(at)pgadmin(dot)org> |
|---|---|
| To: | Yogesh Mahajan <yogesh(dot)mahajan(at)enterprisedb(dot)com> |
| Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
| Subject: | Re: #7076 - Keychain access on Mac |
| Date: | 2024-08-08 12:44:01 |
| Message-ID: | CA+OCxoxB2a3y=QthPBRvdDv+pneK8SG6tK6rHrM=b-RJek=Enw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
On Thu, 8 Aug 2024 at 13:38, Yogesh Mahajan <yogesh(dot)mahajan(at)enterprisedb(dot)com>
wrote:
>
>
> Hi,
>
> On Thu, Aug 8, 2024 at 5:58 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>>
>>
>> On Mon, 5 Aug 2024 at 13:27, Yogesh Mahajan <
>> yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:
>>
>>> Hi Hackers,
>>>
>>> Issue #7076 <https://github.com/pgadmin-org/pgadmin4/issues/7076> has
>>> been reported by many Mac users. Issue has popped up when python binary
>>> version is changed for the pgadmin.
>>>
>>> To save server passwords, pgadmin uses os level secret storage (in case
>>> of Mac it is keyring) and adds an entry for each save password. Whenever
>>> the python binary version is changed, keychain (python lib used to access
>>> keychain) asks for a password 2 times for accessing each entry. If you have
>>> 10 servers, then it will ask for 20 times.
>>>
>>> To fix the issue, pgadmin will follow the same approach as chrome.
>>> 1.An encryption key will be auto-generated and will be stored in the
>>> keychain.
>>> 2.Whenever save password request is received, encryption key will be
>>> used to encrypt password and encrypted password will be saved in the
>>> pgadmin database.
>>> 3.Similarly, while retrieving the password, encryption will be pulled
>>> from the keychain and will be used to decrypt the password.
>>> This will reduce password asks to 2 times on python binary version
>>> change.
>>>
>>
>> That sounds almost like returning to the way things used to work with the
>> master password, except we auto-generate it, and store that in the keychain.
>>
>
> Yeah.
>
>
>> I assume we'd do the same on all platforms, using whatever the equivalent
>> store is on each?
>>
>
> Yes we will be doing the same on all supported platforms.
>
>
>>
>> Any idea why it asks for the login password twice per access on macOS?
>>
>
> This <https://github.com/jaraco/keyring/issues/644> is a known issue for
> keyring python lib. And this
> <https://github.com/jaraco/keyring/issues/619> one where the keychain
> asks for a password for accessing each entry.
>
OK, thanks.
--
Dave Page
pgAdmin: https://www.pgadmin.org
PostgreSQL: https://www.postgresql.org
EDB: https://www.enterprisedb.com
PGDay UK 2024, 11th September, London: https://2024.pgday.uk/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yogesh Mahajan | 2024-08-08 12:46:10 | Re: #7076 - Keychain access on Mac |
| Previous Message | Yogesh Mahajan | 2024-08-08 12:37:30 | Re: #7076 - Keychain access on Mac |