Re: #7076 - Keychain access on Mac

From: Yogesh Mahajan <yogesh(dot)mahajan(at)enterprisedb(dot)com>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: #7076 - Keychain access on Mac
Date: 2024-08-08 12:37:30
Message-ID: CAMa=N=NRyCRgQFUJmLa5pc6BXUrO75qA5MC65L=a39sEua-zMg@mail.gmail.com
Lists: pgadmin-hackers

Hi,

On Thu, Aug 8, 2024 at 5:58 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:

>
>
> On Mon, 5 Aug 2024 at 13:27, Yogesh Mahajan <
> yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:
>
>> Hi Hackers,
>>
>> Issue #7076 <https://github.com/pgadmin-org/pgadmin4/issues/7076> has
>> been reported by many Mac users. The issue has popped up when the Python
>> binary version is changed for pgAdmin.
>>
>> To save server passwords, pgAdmin uses OS-level secret storage (in case
>> of Mac it is keyring) and adds an entry for each saved password. Whenever
>> the Python binary version is changed, keychain (Python lib used to access
>> keychain) asks for a password 2 times for accessing each entry. If you have
>> 10 servers, then it will ask 20 times.
>>
>> To fix the issue, pgAdmin will follow the same approach as Chrome.
>> 1. An encryption key will be auto-generated and will be stored in the
>> keychain.
>> 2. Whenever a save password request is received, the encryption key will
>> be used to encrypt the password and the encrypted password will be saved
>> in the pgAdmin database.
>> 3. Similarly, while retrieving the password, encryption will be pulled
>> from the keychain and will be used to decrypt the password.
>> This will reduce password asks to 2 times on Python binary version change.
>>
>
> That sounds almost like returning to the way things used to work with the
> master password, except we auto-generate it, and store that in the keychain.
>

Yeah.

> I assume we'd do the same on all platforms, using whatever the equivalent
> store is on each?
>

Yes we will be doing the same on all supported platforms.

>
> Any idea why it asks for the login password twice per access on macOS?
>

This <https://github.com/jaraco/keyring/issues/644> is a known issue for
the keyring Python lib. And this <https://github.com/jaraco/keyring/issues/619>
one where the keychain asks for a password for accessing each entry.

> --
> Dave Page
> pgAdmin: https://www.pgadmin.org
> PostgreSQL: https://www.postgresql.org
> EDB: https://www.enterprisedb.com
>
> PGDay UK 2024, 11th September, London: https://2024.pgday.uk/
>

Thanks,
Yogesh Mahajan
EnterpriseDB
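
The three steps proposed in the quoted message, sketched as an added example (not pgAdmin's code and not from anyone in the thread). Assumptions: AES-GCM from the `cryptography` package as the cipher, an in-memory `CountingKeyStore` standing in for the OS keychain so that store accesses can be counted, a hypothetical entry name, and a hypothetical `saved_password` table.

```python
import os
import sqlite3
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEY_ENTRY = "example-app/encryption-key"  # hypothetical keychain entry name


class CountingKeyStore:
    """In-memory stand-in for the OS secret store; every access may mean a prompt."""

    def __init__(self):
        self._items, self.accesses = {}, 0

    def get(self, name):
        self.accesses += 1
        return self._items.get(name)

    def set(self, name, value):
        self.accesses += 1
        self._items[name] = value


class PasswordVault:
    def __init__(self, keystore, db):
        self._db = db
        db.execute("CREATE TABLE IF NOT EXISTS saved_password "
                   "(server_id INTEGER PRIMARY KEY, ciphertext BLOB NOT NULL)")
        key = keystore.get(KEY_ENTRY)          # step 3: pull the key, once per session
        if key is None:                        # step 1: auto-generate on first use
            key = AESGCM.generate_key(bit_length=256)
            keystore.set(KEY_ENTRY, key)
        self._aead = AESGCM(key)

    def save(self, server_id, password):       # step 2: encrypt, store in the app database
        nonce = os.urandom(12)                 # fresh 96-bit nonce for every encryption
        aad = str(server_id).encode()          # binds the ciphertext to its server row
        blob = nonce + self._aead.encrypt(nonce, password.encode(), aad)
        self._db.execute("INSERT OR REPLACE INTO saved_password VALUES (?, ?)",
                         (server_id, blob))

    def load(self, server_id):
        row = self._db.execute("SELECT ciphertext FROM saved_password "
                               "WHERE server_id = ?", (server_id,)).fetchone()
        if row is None:
            return None
        blob = bytes(row[0])
        # Raises cryptography.exceptions.InvalidTag if the row was altered or
        # copied onto a different server_id.
        return self._aead.decrypt(blob[:12], blob[12:], str(server_id).encode()).decode()
```

The number of keychain accesses stays constant however many server passwords are saved, because only the single key entry lives in the OS store.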
