public inbox for [email protected]
help / color / mirror / Atom feedFrom: Akshay Joshi <[email protected]>
To: Aditya Toshniwal <[email protected]>
Cc: Dave Page <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: Regarding feature "Option to skip Password-Dialog for identity file"
Date: Tue, 30 Sep 2025 11:36:34 +0530
Message-ID: <CANxoLDfbDmj9NcKeH0+bnvXSn3rxLkAZHE65r=Cx+72hfmbnUg@mail.gmail.com> (raw)
In-Reply-To: <CAM9w-_kQNzh7kBJuAftKsz9N=q8mgsuWCRWi6rEeZ8XaNpsudw@mail.gmail.com>
References: <CANxoLDch_B=O+zYcOL9=WMabnif8TRe-bxEbCwtkiZ0XXhHF5g@mail.gmail.com>
<CAM9w-_nQoD0WwEWwGaWCKkR1k6R+jpJdyFHSwp8RnvocMt9CBQ@mail.gmail.com>
<CANxoLDcqZzUp1fG5Y_ovDv4wGPj_JrZAALQ0ArAWg4vL+yCEWg@mail.gmail.com>
<CAM9w-_kQNzh7kBJuAftKsz9N=q8mgsuWCRWi6rEeZ8XaNpsudw@mail.gmail.com>
On Tue, Sep 30, 2025 at 11:29 AM Aditya Toshniwal <
[email protected]> wrote:
> Hi Akshay,
>
> Even if you show the password dialog for the first time, the above
> scenarios are applicable.
> For the context of showing the password prompt first time or not - I'm
> suggesting we try first and then show the password prompt.
>
I tried that implementation, but what if the user doesn’t want a
password prompt at all when the identity file has no password? Do you think
the solution you provided fully meets the user’s requirements?
>
> On Tue, Sep 30, 2025 at 11:16 AM Akshay Joshi <
> [email protected]> wrote:
>
>> Hi Aditya,
>>
>> I already mentioned that I tried the same solution you suggested, but
>> there are a few combinations where it’s unclear when exactly we should
>> prompt for the tunnel password. For example, assuming an SSH tunnel with an
>> identity file that does not have a password:
>>
>> 1.
>>
>> When a user connects to the server for the first time, the password
>> dialog for the database server appears if the password has not been saved.
>> If the user enters the wrong password, the error we receive is “SSHTunnel
>> failed to create.” In this case, it’s unclear whether we should prompt for
>> the tunnel password or not.
>> 2.
>>
>> If the SSH tunnel fails to create for reasons other than
>> authentication, the error from the sshtunnel library is not descriptive
>> enough. Again, we don’t know whether prompting for the password is
>> appropriate.
>>
>> Suppose we always prompt for the password after a connection attempt. In
>> that case, the original issue remains; users don’t want to see a prompt if
>> an identity file without a password is provided.
>>
>> That’s why I believe the solution I proposed is the simplest and most
>> user-friendly: if users don’t want to be prompted, they can simply disable
>> the prompt option from the server dialog.
>>
>> On Tue, Sep 30, 2025 at 10:33 AM Aditya Toshniwal <
>> [email protected]> wrote:
>>
>>> Hi Akshay,
>>>
>>> How about we prompt for password irrespective of what is the error from
>>> sshtunnel library?
>>> Try to connect without a password for identity file based, if any error
>>> comes then ask for password along with displaying the error message. No
>>> need to bother what the error is about.
>>>
>>> On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi <
>>> [email protected]> wrote:
>>>
>>>> Hi Dave/Hackers,
>>>>
>>>> I am working on the feature "Option to Skip Password Dialog for
>>>> Identity File" #6996
>>>> <https://github.com/pgadmin-org/pgadmin4/issues/6996;.
>>>>
>>>> I initially tried implementing it so that the tunnel password would not
>>>> be requested upfront, and would only be prompted on error. However, the
>>>> *sshtunnel* library currently returns a generic error message, for
>>>> which I have created an issue on the SSHTunnel GitHub repository #305
>>>> <https://github.com/pahaz/sshtunnel/issues/305;.
>>>>
>>>> This approach introduces multiple scenarios for when to prompt for the
>>>> tunnel password, making the code more complex and harder to maintain.
>>>>
>>>> *Proposed solution:*
>>>> Add a new switch *"Prompt for password?"* in the server dialog under
>>>> the *SSHTunnel* tab. By default, the switch is set to *false* and is
>>>> enabled only when the authentication method is *Identity File*. See
>>>> the screenshot below for reference.
>>>> [image: Screenshot 2025-09-29 at 7.12.17 PM.png]
>>>>
>>>> Thoughts/suggestions?
>>>>
>>>>
>>>> Akshay Joshi
>>>>
>>>> Principal Engineer | Engineering Manager | pgAdmin Hacker
>>>>
>>>> enterprisedb.com
>>>>
>>>> * Blog*: https://www.enterprisedb.com/akshay-joshi
>>>> * GitHub*: https://github.com/akshay-joshi
>>>> * LinkedIn*: https:// <http://goog_373708537;
>>>> www.linkedin.com/in/akshay-joshi-a9317b14
>>>>
>>>
>>>
>>> --
>>> Thanks,
>>> Aditya Toshniwal
>>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
>>> <https://www.enterprisedb.com/;
>>> "Don't Complain about Heat, Plant a TREE"
>>>
>>
>
> --
> Thanks,
> Aditya Toshniwal
> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
> <https://www.enterprisedb.com/;
> "Don't Complain about Heat, Plant a TREE"
>
Attachments:
[image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png)
download | view image
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Regarding feature "Option to skip Password-Dialog for identity file"
In-Reply-To: <CANxoLDfbDmj9NcKeH0+bnvXSn3rxLkAZHE65r=Cx+72hfmbnUg@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox