public inbox for [email protected]
help / color / mirror / Atom feedFrom: Yogesh Mahajan <[email protected]>
To: Dave Page <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: #7076 - Keychain access on Mac
Date: Thu, 8 Aug 2024 18:16:10 +0530
Message-ID: <CAMa=N=O0YEfqXv=UgLJXNnbcCe8-yJvqOmB13M0SN0+s80W6Eg@mail.gmail.com> (raw)
In-Reply-To: <CA+OCxoxB2a3y=QthPBRvdDv+pneK8SG6tK6rHrM=b-RJek=Enw@mail.gmail.com>
References: <CAMa=N=NWVwbd3RxwHcOZsqNVJNeaWXpS=yVPCOO5rbQkZRGJKw@mail.gmail.com>
<CA+OCxoxfbi5YrCGLOZf=KO8hMFRKf6XNQK1WchqvMt8UpHmv7A@mail.gmail.com>
<CAMa=N=NRyCRgQFUJmLa5pc6BXUrO75qA5MC65L=a39sEua-zMg@mail.gmail.com>
<CA+OCxoxB2a3y=QthPBRvdDv+pneK8SG6tK6rHrM=b-RJek=Enw@mail.gmail.com>
Hi Dave,
Should I proceed with this approach?
Thanks,
Yogesh Mahajan
EnterpriseDB
On Thu, Aug 8, 2024 at 6:14 PM Dave Page <[email protected]> wrote:
>
>
> On Thu, 8 Aug 2024 at 13:38, Yogesh Mahajan <
> [email protected]> wrote:
>
>>
>>
>> Hi,
>>
>> On Thu, Aug 8, 2024 at 5:58 PM Dave Page <[email protected]> wrote:
>>
>>>
>>>
>>> On Mon, 5 Aug 2024 at 13:27, Yogesh Mahajan <
>>> [email protected]> wrote:
>>>
>>>> Hi Hackers,
>>>>
>>>> Issue #7076 <https://github.com/pgadmin-org/pgadmin4/issues/7076; has
>>>> been reported by many Mac users. Issue has popped up when python binary
>>>> version is changed for the pgadmin.
>>>>
>>>> To save server passwords, pgadmin uses os level secret storage (in case
>>>> of Mac it is keyring) and adds an entry for each save password. Whenever
>>>> the python binary version is changed, keychain (python lib used to access
>>>> keychain) asks for a password 2 times for accessing each entry. If you have
>>>> 10 servers, then it will ask for 20 times.
>>>>
>>>> To fix the issue, pgadmin will follow the same approach as chrome.
>>>> 1.An encryption key will be auto-generated and will be stored in the
>>>> keychain.
>>>> 2.Whenever save password request is received, encryption key will be
>>>> used to encrypt password and encrypted password will be saved in the
>>>> pgadmin database.
>>>> 3.Similarly, while retrieving the password, encryption will be pulled
>>>> from the keychain and will be used to decrypt the password.
>>>> This will reduce password asks to 2 times on python binary version
>>>> change.
>>>>
>>>
>>> That sounds almost like returning to the way things used to work with
>>> the master password, except we auto-generate it, and store that in the
>>> keychain.
>>>
>>
>> Yeah.
>>
>>
>>> I assume we'd do the same on all platforms, using whatever the
>>> equivalent store is on each?
>>>
>>
>> Yes we will be doing the same on all supported platforms.
>>
>>
>>>
>>> Any idea why it asks for the login password twice per access on macOS?
>>>
>>
>> This <https://github.com/jaraco/keyring/issues/644; is a known issue for
>> keyring python lib. And this
>> <https://github.com/jaraco/keyring/issues/619; one where the keychain
>> asks for a password for accessing each entry.
>>
>
> OK, thanks.
> --
> Dave Page
> pgAdmin: https://www.pgadmin.org
> PostgreSQL: https://www.postgresql.org
> EDB: https://www.enterprisedb.com
>
> PGDay UK 2024, 11th September, London: https://2024.pgday.uk/
>
>
view thread (7+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: #7076 - Keychain access on Mac
In-Reply-To: <CAMa=N=O0YEfqXv=UgLJXNnbcCe8-yJvqOmB13M0SN0+s80W6Eg@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox