Re: [pgAdmin4][Patch]: Allow user to provide custom SSL certificates and provide .pgpass file

From: Murtuza Zabuawala <murtuza(dot)zabuawala(at)enterprisedb(dot)com>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>, Ashesh Vashi <ashesh(dot)vashi(at)enterprisedb(dot)com>, Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>
Subject: Re: [pgAdmin4][Patch]: Allow user to provide custom SSL certificates and provide .pgpass file
Date: 2017-09-25 17:34:10
Message-ID: CAKKotZTsn6MLqpONmio21J4nnaFaFCn_P6W3pdYE=7dpjzLcRw@mail.gmail.com
Lists: pgadmin-hackers

Hi Dave,

Attaching updated patch, please review.

On Mon, Sep 4, 2017 at 7:31 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:

> Hi
>
> On Mon, Sep 4, 2017 at 2:55 PM, Murtuza Zabuawala <
> murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
>
>> Hi Dave,
>>
>> Can we at least commit the patch?
>>
>> In future, if users complain regarding SSL default path behaviour in
>> server mode then adding default null file wouldn't be a big change if
>> required.
>>
>
> I'm not concerned about complaints on the behaviour, I'm concerned about
> complaints that it's a security risk if we have multiple users
> inadvertently able to read a certificate and key owned by the webserver
> account.
>
Done.
Added logic to handle default certificates in Web mode.

>
> Ashesh/Akshay - please read the thread and provide your feedback. Others
> chime in if you have anything as well please.
>
> Thanks.
>
>
>>
>> On Wed, Aug 30, 2017 at 2:23 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>
>>> Hi
>>>
>>> On Wed, Aug 30, 2017 at 6:49 AM, Murtuza Zabuawala <
>>> murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
>>>
>>>> Hi Dave,
>>>>
>>>> PFA updated patch with new screenshots and docs accordingly.
>>>>
>>>> RM#2649 & RM#2650
>>>>
>>>> On Tue, Aug 29, 2017 at 7:51 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> On Fri, Aug 25, 2017 at 2:45 PM, Murtuza Zabuawala <
>>>>> murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
>>>>>
>>>>>> Hi Dave,
>>>>>>
>>>>>> Please find updated patch,
>>>>>> - For displaying hidden files I have added preference option in
>>>>>> Storage section.
>>>>>>
>>>>>
>>>>> How painful would it be to include it on the file dialogue as well?
>>>>>
>>>> Done
>>>>
>>>>
>>>>>
>>>>>
>>>>>> - Updated Docs & Screenshots.
>>>>>> - User can use 'prefer' option to enable SSL options.
>>>>>>
>>>>>
>>>>> Cool.
>>>>>
>>>>> A couple of other things I realised in playing with this:
>>>>>
>>>>> 1) The SSL tab should come before Advanced I think.
>>>>>
>>>> Done
>>>>
>>>>
>>>>>
>>>>> 2) The docs now mention the default SSL files. In server mode, using
>>>>> defaults is probably a bad idea I suspect (because they would be shared).
>>>>> Should we force the values to /dev/null (and whatever is appropriate on
>>>>> Windows) if running in server mode? Users can always override that with
>>>>> something from their storage area.
>>>>>
>>>>> Thoughts?
>>>>>
>>>> In my opinion we should not force users to provide certificates, we
>>>> can let them decide how they want to configure it.
>>>>
>>>
>>> It's not about forcing them to provide them, it's about preventing them
>>> from using defaults which may be owned by the user that the app runs as on
>>> a server, but that should not be (unless explicitly allowed by the
>>> sysadmin) accessible to every pgAdmin user.
>>>
>>> Thoughts from others? Ashesh?
>>>
>>> --
>>> Dave Page
>>> Blog: http://pgsnake.blogspot.com
>>> Twitter: @pgsnake
>>>
>>> EnterpriseDB UK: http://www.enterprisedb.com
>>> The Enterprise PostgreSQL Company
>>>
>>
>>
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>

Attachment Content-Type Size
add_ssl_params_v4.diff text/plain 482.4 KB
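
The server-mode behaviour discussed in this thread (point unset SSL file options at the null device, and let users override them only with files from their own storage area), sketched as an added example that is not taken from the attached patch or from pgAdmin's code. The function name and its `server_mode`, `user_params` and `storage_dir` inputs are assumptions; `sslcert`, `sslkey`, `sslrootcert` and `sslcrl` are libpq connection parameters.

```python
import os

# libpq connection parameters that name files on disk.
SSL_FILE_PARAMS = ("sslcert", "sslkey", "sslrootcert", "sslcrl")


def effective_ssl_params(server_mode, user_params, storage_dir):
    """Return the SSL file parameters to hand to libpq.

    server_mode, user_params and storage_dir are hypothetical inputs: whether
    the app runs as a multi-user web server, the paths the user entered, and
    that user's private storage area.
    """
    result = {}
    root = os.path.realpath(storage_dir)
    for name in SSL_FILE_PARAMS:
        value = user_params.get(name)
        if not server_mode:
            # Desktop mode: one OS user, so libpq's own defaults are acceptable.
            if value:
                result[name] = value
            continue
        if not value:
            # Server mode, nothing chosen: point at the null device so libpq
            # does not fall back to files owned by the web server account.
            result[name] = os.devnull
            continue
        # Server mode, explicit path: resolve symlinks and ".." first, then
        # require the result to stay inside the user's storage area.
        resolved = os.path.realpath(os.path.join(root, value))
        if os.path.commonpath([root, resolved]) != root:
            raise ValueError(f"{name} is outside the user's storage area")
        result[name] = resolved
    return result
```

`os.devnull` is `/dev/null` on POSIX systems and `nul` on Windows, which covers the "whatever is appropriate on Windows" case raised in the thread.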
