From: | Murtuza Zabuawala <murtuza(dot)zabuawala(at)enterprisedb(dot)com> |
---|---|
To: | Dave Page <dpage(at)pgadmin(dot)org> |
Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>, Ashesh Vashi <ashesh(dot)vashi(at)enterprisedb(dot)com>, Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com> |
Subject: | Re: [pgAdmin4][Patch]: Allow user to provide custom SSL certificates and provide .pgpass file |
Date: | 2017-09-25 17:34:10 |
Message-ID: | CAKKotZTsn6MLqpONmio21J4nnaFaFCn_P6W3pdYE=7dpjzLcRw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-hackers |
Hi Dave,
Attaching updated patch, Please review.
On Mon, Sep 4, 2017 at 7:31 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> Hi
>
> On Mon, Sep 4, 2017 at 2:55 PM, Murtuza Zabuawala <
> murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
>
>> Hi Dave,
>>
>> Can we at least commit the patch?
>>
>> In future, If user complaints regarding SSL default path behaviour in
>> server mode then adding default null file wouldn't be a big change if
>> required.
>>
>
> I'm not concerned about complaints on the behaviour, I'm concerned about
> complaints that it's a security risk if we have multiple users
> inadvertently able to read a certificate and key owned by the webserver
> account.
>
Done.
Added logic to handle default certificates in Web mode.
>
> Ashesh/Akshay - please read the thread and provide your feedback. Others
> chime in if you have anything as well please.
>
> Thanks.
>
>
>>
>> On Wed, Aug 30, 2017 at 2:23 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>
>>> Hi
>>>
>>> On Wed, Aug 30, 2017 at 6:49 AM, Murtuza Zabuawala <
>>> murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
>>>
>>>> Hi Dave,
>>>>
>>>> PFA updated patch with new screenshots and docs accordingly.
>>>>
>>>> RM
>>>> #
>>>> 2649
>>>> & RM#
>>>> 2650
>>>>
>>>> On Tue, Aug 29, 2017 at 7:51 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> On Fri, Aug 25, 2017 at 2:45 PM, Murtuza Zabuawala <
>>>>> murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
>>>>>
>>>>>> Hi Dave,
>>>>>>
>>>>>> Please find updated patch,
>>>>>> - For displaying hidden files I have added preference option in
>>>>>> Storage section.
>>>>>>
>>>>>
>>>>> How painful would it be to include it on the file dialogue as well?
>>>>>
>>>> Done
>>>>
>>>>
>>>>>
>>>>>
>>>>>> - Updated Docs & Screenshots.
>>>>>> - User can use 'prefer' option to enable SSL options.
>>>>>>
>>>>>
>>>>> Cool.
>>>>>
>>>>> A couple of other things I realised in playing with this:
>>>>>
>>>>> 1) The SSL tab should come before Advanced I think.
>>>>>
>>>> Done
>>>>
>>>>
>>>>>
>>>>> 2) The docs now mention the default SSL files. In server mode, using
>>>>> defaults is probably a bad idea I suspect (because they would be shared).
>>>>> Should we force the values to /dev/null (and whatever is appropriate on
>>>>> Windows) if running in server mode? Users can always override that with
>>>>> something from their storage area.
>>>>>
>>>>> Thoughts?
>>>>>
>>>> In my opinion we should not force users to provide certificates, we
>>>> can let them decide how they want to configure it.
>>>>
>>>
>>> It's not about forcing them to provide them, it's about preventing them
>>> from using defaults which may be owned by the user that the app runs as on
>>> a server, but that should not be (unless explicitly allowed by the
>>> sysadmin) accessible to every pgAdmin user.
>>>
>>> Thoughts from others? Ashesh?
>>>
>>> --
>>> Dave Page
>>> Blog: http://pgsnake.blogspot.com
>>> Twitter: @pgsnake
>>>
>>> EnterpriseDB UK: http://www.enterprisedb.com
>>> The Enterprise PostgreSQL Company
>>>
>>
>>
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
Attachment | Content-Type | Size |
---|---|---|
add_ssl_params_v4.diff | text/plain | 482.4 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Ashesh Vashi | 2017-09-27 02:12:46 | pgAdmin 4 commit: Upgraded the font-mfizz to latest version (v:2.4.1) t |
Previous Message | Dave Page | 2017-09-25 11:35:42 | pgAdmin 4 v2.0 GA build |