public inbox for [email protected]
help / color / mirror / Atom feedFrom: Aditya Toshniwal <[email protected]>
To: Akshay Joshi <[email protected]>
Cc: Dave Page <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: Regarding feature "Option to skip Password-Dialog for identity file"
Date: Tue, 30 Sep 2025 11:28:41 +0530
Message-ID: <CAM9w-_kQNzh7kBJuAftKsz9N=q8mgsuWCRWi6rEeZ8XaNpsudw@mail.gmail.com> (raw)
In-Reply-To: <CANxoLDcqZzUp1fG5Y_ovDv4wGPj_JrZAALQ0ArAWg4vL+yCEWg@mail.gmail.com>
References: <CANxoLDch_B=O+zYcOL9=WMabnif8TRe-bxEbCwtkiZ0XXhHF5g@mail.gmail.com>
<CAM9w-_nQoD0WwEWwGaWCKkR1k6R+jpJdyFHSwp8RnvocMt9CBQ@mail.gmail.com>
<CANxoLDcqZzUp1fG5Y_ovDv4wGPj_JrZAALQ0ArAWg4vL+yCEWg@mail.gmail.com>
Hi Akshay,
Even if you show the password dialog for the first time, the above
scenarios are applicable.
For the context of showing the password prompt first time or not - I'm
suggesting we try first and then show the password prompt.
On Tue, Sep 30, 2025 at 11:16 AM Akshay Joshi <[email protected]>
wrote:
> Hi Aditya,
>
> I already mentioned that I tried the same solution you suggested, but
> there are a few combinations where it’s unclear when exactly we should
> prompt for the tunnel password. For example, assuming an SSH tunnel with an
> identity file that does not have a password:
>
> 1.
>
> When a user connects to the server for the first time, the password
> dialog for the database server appears if the password has not been saved.
> If the user enters the wrong password, the error we receive is “SSHTunnel
> failed to create.” In this case, it’s unclear whether we should prompt for
> the tunnel password or not.
> 2.
>
> If the SSH tunnel fails to create for reasons other than
> authentication, the error from the sshtunnel library is not descriptive
> enough. Again, we don’t know whether prompting for the password is
> appropriate.
>
> Suppose we always prompt for the password after a connection attempt. In
> that case, the original issue remains; users don’t want to see a prompt if
> an identity file without a password is provided.
>
> That’s why I believe the solution I proposed is the simplest and most
> user-friendly: if users don’t want to be prompted, they can simply disable
> the prompt option from the server dialog.
>
> On Tue, Sep 30, 2025 at 10:33 AM Aditya Toshniwal <
> [email protected]> wrote:
>
>> Hi Akshay,
>>
>> How about we prompt for password irrespective of what is the error from
>> sshtunnel library?
>> Try to connect without a password for identity file based, if any error
>> comes then ask for password along with displaying the error message. No
>> need to bother what the error is about.
>>
>> On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi <
>> [email protected]> wrote:
>>
>>> Hi Dave/Hackers,
>>>
>>> I am working on the feature "Option to Skip Password Dialog for Identity
>>> File" #6996 <https://github.com/pgadmin-org/pgadmin4/issues/6996;.
>>>
>>> I initially tried implementing it so that the tunnel password would not
>>> be requested upfront, and would only be prompted on error. However, the
>>> *sshtunnel* library currently returns a generic error message, for
>>> which I have created an issue on the SSHTunnel GitHub repository #305
>>> <https://github.com/pahaz/sshtunnel/issues/305;.
>>>
>>> This approach introduces multiple scenarios for when to prompt for the
>>> tunnel password, making the code more complex and harder to maintain.
>>>
>>> *Proposed solution:*
>>> Add a new switch *"Prompt for password?"* in the server dialog under
>>> the *SSHTunnel* tab. By default, the switch is set to *false* and is
>>> enabled only when the authentication method is *Identity File*. See the
>>> screenshot below for reference.
>>> [image: Screenshot 2025-09-29 at 7.12.17 PM.png]
>>>
>>> Thoughts/suggestions?
>>>
>>>
>>> Akshay Joshi
>>>
>>> Principal Engineer | Engineering Manager | pgAdmin Hacker
>>>
>>> enterprisedb.com
>>>
>>> * Blog*: https://www.enterprisedb.com/akshay-joshi
>>> * GitHub*: https://github.com/akshay-joshi
>>> * LinkedIn*: https:// <http://goog_373708537;
>>> www.linkedin.com/in/akshay-joshi-a9317b14
>>>
>>
>>
>> --
>> Thanks,
>> Aditya Toshniwal
>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
>> <https://www.enterprisedb.com/;
>> "Don't Complain about Heat, Plant a TREE"
>>
>
--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
<https://www.enterprisedb.com/;
"Don't Complain about Heat, Plant a TREE"
Attachments:
[image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png)
download | view image
view thread (10+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Regarding feature "Option to skip Password-Dialog for identity file"
In-Reply-To: <CAM9w-_kQNzh7kBJuAftKsz9N=q8mgsuWCRWi6rEeZ8XaNpsudw@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox