From: | Dave Page <dpage(at)pgadmin(dot)org> |
---|---|
To: | Murtuza Zabuawala <murtuza(dot)zabuawala(at)enterprisedb(dot)com> |
Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>, Ashesh Vashi <ashesh(dot)vashi(at)enterprisedb(dot)com>, Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com> |
Subject: | Re: [pgAdmin4][Patch]: Allow user to provide custom SSL certificates and provide .pgpass file |
Date: | 2017-09-04 14:01:47 |
Message-ID: | CA+OCxoyeprfb-zvCvg_CX6pT4EruQV=tSMONhpZBBgxF2YWyQA@mail.gmail.com |
Lists: | pgadmin-hackers |
Hi
On Mon, Sep 4, 2017 at 2:55 PM, Murtuza Zabuawala <
murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
> Hi Dave,
>
> Can we at least commit the patch?
>
> In future, if users complain regarding SSL default path behaviour in
> server mode then adding default null file wouldn't be a big change if
> required.
>
I'm not concerned about complaints on the behaviour, I'm concerned about
complaints that it's a security risk if we have multiple users
inadvertently able to read a certificate and key owned by the webserver
account.
Ashesh/Akshay - please read the thread and provide your feedback. Others
chime in if you have anything as well please.
Thanks.
>
> On Wed, Aug 30, 2017 at 2:23 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>> Hi
>>
>> On Wed, Aug 30, 2017 at 6:49 AM, Murtuza Zabuawala <
>> murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
>>
>>> Hi Dave,
>>>
>>> PFA updated patch with new screenshots and docs accordingly.
>>>
>>> RM#2649 & RM#2650
>>>
>>> On Tue, Aug 29, 2017 at 7:51 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>>
>>>> Hi
>>>>
>>>> On Fri, Aug 25, 2017 at 2:45 PM, Murtuza Zabuawala <
>>>> murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
>>>>
>>>>> Hi Dave,
>>>>>
>>>>> Please find updated patch,
>>>>> - For displaying hidden files I have added preference option in
>>>>> Storage section.
>>>>>
>>>>
>>>> How painful would it be to include it on the file dialogue as well?
>>>>
>>> Done
>>>
>>>
>>>>
>>>>
>>>>> - Updated Docs & Screenshots.
>>>>> - User can use 'prefer' option to enable SSL options.
>>>>>
>>>>
>>>> Cool.
>>>>
>>>> A couple of other things I realised in playing with this:
>>>>
>>>> 1) The SSL tab should come before Advanced I think.
>>>>
>>> Done
>>>
>>>
>>>>
>>>> 2) The docs now mention the default SSL files. In server mode, using
>>>> defaults is probably a bad idea I suspect (because they would be shared).
>>>> Should we force the values to /dev/null (and whatever is appropriate on
>>>> Windows) if running in server mode? Users can always override that with
>>>> something from their storage area.
>>>>
>>>> Thoughts?
>>>>
>>> In my opinion we should not force users to provide certificates, we
>>> can let them decide how they want to configure it.
>>>
>>
>> It's not about forcing them to provide them, it's about preventing them
>> from using defaults which may be owned by the user that the app runs as on
>> a server, but that should not be (unless explicitly allowed by the
>> sysadmin) accessible to every pgAdmin user.
>>
>> Thoughts from others? Ashesh?
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>>
>
>
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
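
The server-mode behaviour proposed in this thread (unset SSL file options forced to the null device, overrides accepted only from the user's storage area), sketched as an added example. This is not code from the patch or from pgAdmin; the function name, argument shapes and the per-user storage directory are assumptions, and the four option names are the libpq parameters that otherwise default to files under ~/.postgresql of the account running the client.

```python
import os

# libpq options that fall back to files under ~/.postgresql of the OS
# account running the client (in server mode: the web server account).
SSL_FILE_PARAMS = ("sslcert", "sslkey", "sslrootcert", "sslcrl")


def resolve_ssl_params(requested, server_mode, storage_dir):
    """Return the SSL file options to hand to libpq (hypothetical helper).

    requested   -- dict of paths the user entered, relative to their storage
    server_mode -- True when many users share one web server process
    storage_dir -- that user's private storage area (assumed layout)
    """
    resolved = {}
    root = os.path.realpath(storage_dir)
    for name in SSL_FILE_PARAMS:
        value = requested.get(name)
        if not server_mode:
            # Desktop mode: one user, so the libpq defaults are their own files.
            if value:
                resolved[name] = value
            continue
        if not value:
            # Block the implicit fallback to the web server account's files.
            resolved[name] = os.devnull
            continue
        # Resolve symlinks and ".." before checking containment; an absolute
        # path replaces root in os.path.join and is rejected the same way.
        path = os.path.realpath(os.path.join(root, value))
        if os.path.commonpath([root, path]) != root:
            raise ValueError("%s must be inside the user's storage area" % name)
        resolved[name] = path
    return resolved
```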