Re: Regarding feature "Option to skip Password-Dialog for identity file"

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Akshay Joshi <[email protected]>
To: Aditya Toshniwal <[email protected]>
Cc: Dave Page <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: Regarding feature "Option to skip Password-Dialog for identity file"
Date: Tue, 30 Sep 2025 11:16:28 +0530
Message-ID: <CANxoLDcqZzUp1fG5Y_ovDv4wGPj_JrZAALQ0ArAWg4vL+yCEWg@mail.gmail.com> (raw)
In-Reply-To: <CAM9w-_nQoD0WwEWwGaWCKkR1k6R+jpJdyFHSwp8RnvocMt9CBQ@mail.gmail.com>
References: <CANxoLDch_B=O+zYcOL9=WMabnif8TRe-bxEbCwtkiZ0XXhHF5g@mail.gmail.com>
	<CAM9w-_nQoD0WwEWwGaWCKkR1k6R+jpJdyFHSwp8RnvocMt9CBQ@mail.gmail.com>

Hi Aditya,

I already mentioned that I tried the same solution you suggested, but there
are a few combinations where it’s unclear when exactly we should prompt for
the tunnel password. For example, assuming an SSH tunnel with an identity
file that does not have a password:

   1.

   When a user connects to the server for the first time, the password
   dialog for the database server appears if the password has not been saved.
   If the user enters the wrong password, the error we receive is “SSHTunnel
   failed to create.” In this case, it’s unclear whether we should prompt for
   the tunnel password or not.
   2.

   If the SSH tunnel fails to create for reasons other than authentication,
   the error from the sshtunnel library is not descriptive enough. Again, we
   don’t know whether prompting for the password is appropriate.

Suppose we always prompt for the password after a connection attempt. In
that case, the original issue remains; users don’t want to see a prompt if
an identity file without a password is provided.

That’s why I believe the solution I proposed is the simplest and most
user-friendly: if users don’t want to be prompted, they can simply disable
the prompt option from the server dialog.

On Tue, Sep 30, 2025 at 10:33 AM Aditya Toshniwal <
[email protected]> wrote:

> Hi Akshay,
>
> How about we prompt for password irrespective of what is the error from
> sshtunnel library?
> Try to connect without a password for identity file based, if any error
> comes then ask for password along with displaying the error message. No
> need to bother what the error is about.
>
> On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi <
> [email protected]> wrote:
>
>> Hi Dave/Hackers,
>>
>> I am working on the feature "Option to Skip Password Dialog for Identity
>> File" #6996 <https://github.com/pgadmin-org/pgadmin4/issues/6996;.
>>
>> I initially tried implementing it so that the tunnel password would not
>> be requested upfront, and would only be prompted on error. However, the
>> *sshtunnel* library currently returns a generic error message, for which
>> I have created an issue on the SSHTunnel GitHub repository #305
>> <https://github.com/pahaz/sshtunnel/issues/305;.
>>
>> This approach introduces multiple scenarios for when to prompt for the
>> tunnel password, making the code more complex and harder to maintain.
>>
>> *Proposed solution:*
>> Add a new switch *"Prompt for password?"* in the server dialog under the
>> *SSHTunnel* tab. By default, the switch is set to *false* and is enabled
>> only when the authentication method is *Identity File*. See the
>> screenshot below for reference.
>> [image: Screenshot 2025-09-29 at 7.12.17 PM.png]
>>
>> Thoughts/suggestions?
>>
>>
>> Akshay Joshi
>>
>> Principal Engineer | Engineering Manager | pgAdmin Hacker
>>
>> enterprisedb.com
>>
>> *  Blog*: https://www.enterprisedb.com/akshay-joshi
>> *  GitHub*: https://github.com/akshay-joshi
>> *  LinkedIn*: https:// <http://goog_373708537;
>> www.linkedin.com/in/akshay-joshi-a9317b14
>>
>
>
> --
> Thanks,
> Aditya Toshniwal
> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
> <https://www.enterprisedb.com/;
> "Don't Complain about Heat, Plant a TREE"
>

Attachments:

  [image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png)
  download | view image

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: Regarding feature "Option to skip Password-Dialog for identity file"
  In-Reply-To: <CANxoLDcqZzUp1fG5Y_ovDv4wGPj_JrZAALQ0ArAWg4vL+yCEWg@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox