Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sawoY-00CS6l-Hj for pgadmin-hackers@arkaria.postgresql.org; Mon, 05 Aug 2024 12:27:50 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sawoX-00DQwg-1D for pgadmin-hackers@arkaria.postgresql.org; Mon, 05 Aug 2024 12:27:49 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sawoW-00DQwX-Pw for pgadmin-hackers@lists.postgresql.org; Mon, 05 Aug 2024 12:27:48 +0000 Received: from mail-yb1-xb2a.google.com ([2607:f8b0:4864:20::b2a]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sawoT-003ITb-K9 for pgadmin-hackers@postgresql.org; Mon, 05 Aug 2024 12:27:47 +0000 Received: by mail-yb1-xb2a.google.com with SMTP id 3f1490d57ef6-e0b9d344d66so6502700276.1 for ; Mon, 05 Aug 2024 05:27:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1722860863; x=1723465663; darn=postgresql.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=XCGsz8cLn0H5DAMwwOf6LQ01UMPFYQI3aIgQwvzr1Ic=; b=Nt8PlPg1cry1W/gm4DiH07dx/OSBMY7SkSi6CfgAR43ivoxOlY4hpi62I1keCfrsD2 CMWTUOoq+5/+ZWQEv3+N4f1xt0iZ/eOYF3Q/9LHl/R8De7gzG/8EtTnFPdzkczxrTBdh o6zOwW9FcqbQoKsYMl3PEV44wk07+KpY8/vGp/owXcFQg9i6icLxWJPtRO7w1NQlvYpC FJXCRAjEtwm6RxqsnpC0Jiwt2F+fkpyc/egE9Ro9CAhWHPrsm+UyGkLpWxnQKDUyrf+p D/sPHxDczqMJtVN5oDFqPSt67mgWDIo0pE5seSlRAIdcnn2kdrZ53YT6FXBbuRWa8vIA Od3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722860863; x=1723465663; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=XCGsz8cLn0H5DAMwwOf6LQ01UMPFYQI3aIgQwvzr1Ic=; b=pVn8EEtZ6TG5eR6P7hzG2xpfWUkOv5oC4QmI5aBantbOeqsq9Tg9wBFoEHoiscjQig 6zKjd0/aVzSYi2QZo73LPBjgdPSLhmL7B/BW7UgNpmkUHe4l1TDx7RgeD9cT/5KI3RtV EVVDhfzYihm2Dn1T0467xr2BH66Lg3F+OTkD1Lixhm+oUOTyYmHyA09LXAd0o3IxNyR5 +J9SR2/loFfWmDQa+A4PFPqswN7g0XTWw4MN/UaqMYFGSt8Al59+ABNnEA5Me8np2bxY Y6MY88su1s8jMZseafbJckyiR0Iqg3f/KQPQ8E5cYdbajFqq6SM153+WDFZP770dZfK8 wWRQ== X-Gm-Message-State: AOJu0Yymh4LlKwD1cQ8oaaMS9He2NE5U94MMJur1wt7azNFC/u0ebl1X jm7Dqk5sq5bc/zagEQaHEA7sjfOTZ5xGm3uuZ37+X+9CspnRJq+e4SqVGfxUTh3zZAEvMVkzRcT GLb76WYqZeu5KBOUbGEFVNJ/zY4qPPMB1fZVojB07MBEREFxncQ== X-Google-Smtp-Source: AGHT+IH0VY/RwMvi+ty/pg40qqvFyBvVMpKrfi0mjqh8vPp8CPgVWKGVAMyjrnkAEVVLiv+XWe4gj11kj4bZQ15KFPE= X-Received: by 2002:a05:6902:124a:b0:e0b:bf20:4ff4 with SMTP id 3f1490d57ef6-e0bde1f57c0mr13845371276.3.1722860863131; Mon, 05 Aug 2024 05:27:43 -0700 (PDT) MIME-Version: 1.0 From: Yogesh Mahajan Date: Mon, 5 Aug 2024 17:57:07 +0530 Message-ID: Subject: #7076 - Keychain access on Mac To: pgadmin-hackers Content-Type: multipart/alternative; boundary="000000000000beb4c9061eeecd82" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000beb4c9061eeecd82 Content-Type: text/plain; charset="UTF-8" Hi Hackers, Issue #7076 has been reported by many Mac users. Issue has popped up when python binary version is changed for the pgadmin. To save server passwords, pgadmin uses os level secret storage (in case of Mac it is keyring) and adds an entry for each save password. Whenever the python binary version is changed, keychain (python lib used to access keychain) asks for a password 2 times for accessing each entry. If you have 10 servers, then it will ask for 20 times. To fix the issue, pgadmin will follow the same approach as chrome. 1.An encryption key will be auto-generated and will be stored in the keychain. 2.Whenever save password request is received, encryption key will be used to encrypt password and encrypted password will be saved in the pgadmin database. 3.Similarly, while retrieving the password, encryption will be pulled from the keychain and will be used to decrypt the password. This will reduce password asks to 2 times on python binary version change. Kindly share your inputs/suggestions/thoughts. Thanks, Yogesh Mahajan EnterpriseDB --000000000000beb4c9061eeecd82 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Hackers,

Issue=C2=A0#7076 has been reported by many Mac users. Issue has popped up when p= ython binary version is changed for the pgadmin.

=
To save server passwords, pgadmin uses os level secret storage (= in case of Mac it is keyring) and adds an entry for each save password. Whe= never the python binary version is changed, keychain=C2=A0(python lib used = to access keychain) asks for a password=C2=A02 times for accessing each ent= ry. If you have 10 servers, then it will ask for 20 times.

To fix the issue, pgadmin will follow the same approa= ch=C2=A0as chrome.=C2=A0
1.An encryption key will be auto-g= enerated and will be stored=C2=A0in the keychain.
2.Wheneve= r save password request is received, encryption key will be used to encrypt= password=C2=A0and encrypted password will be saved in the pgadmin database= .
3.Similarly, while retrieving the password, encryption=C2= =A0will be pulled from the keychain and will be used to decrypt the passwor= d.
This will reduce password=C2=A0asks to 2 times on python= binary version change.

Kindly share y= our=C2=A0inputs/suggestions/thoughts.


Th= anks,
Yogesh Mahajan
EnterpriseDB
--000000000000beb4c9061eeecd82--