public inbox for [email protected]help / color / mirror / Atom feed
Regarding feature "Option to skip Password-Dialog for identity file" 10+ messages / 3 participants [nested] [flat]
* Regarding feature "Option to skip Password-Dialog for identity file" @ 2025-09-29 13:57 Akshay Joshi <[email protected]> 0 siblings, 1 reply; 10+ messages in thread From: Akshay Joshi @ 2025-09-29 13:57 UTC (permalink / raw) To: Dave Page <[email protected]>; pgadmin-hackers Hi Dave/Hackers, I am working on the feature "Option to Skip Password Dialog for Identity File" #6996 <https://github.com/pgadmin-org/pgadmin4/issues/6996;. I initially tried implementing it so that the tunnel password would not be requested upfront, and would only be prompted on error. However, the *sshtunnel* library currently returns a generic error message, for which I have created an issue on the SSHTunnel GitHub repository #305 <https://github.com/pahaz/sshtunnel/issues/305;. This approach introduces multiple scenarios for when to prompt for the tunnel password, making the code more complex and harder to maintain. *Proposed solution:* Add a new switch *"Prompt for password?"* in the server dialog under the *SSHTunnel* tab. By default, the switch is set to *false* and is enabled only when the authentication method is *Identity File*. See the screenshot below for reference. [image: Screenshot 2025-09-29 at 7.12.17 PM.png] Thoughts/suggestions? Akshay Joshi Principal Engineer | Engineering Manager | pgAdmin Hacker enterprisedb.com * Blog*: https://www.enterprisedb.com/akshay-joshi * GitHub*: https://github.com/akshay-joshi * LinkedIn*: https:// <http://goog_373708537; www.linkedin.com/in/akshay-joshi-a9317b14 Attachments: [image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png) download | view image ^ permalink raw reply [nested|flat] 10+ messages in thread
* Re: Regarding feature "Option to skip Password-Dialog for identity file" @ 2025-09-30 05:03 Aditya Toshniwal <[email protected]> parent: Akshay Joshi <[email protected]> 0 siblings, 1 reply; 10+ messages in thread From: Aditya Toshniwal @ 2025-09-30 05:03 UTC (permalink / raw) To: Akshay Joshi <[email protected]>; +Cc: Dave Page <[email protected]>; pgadmin-hackers Hi Akshay, How about we prompt for password irrespective of what is the error from sshtunnel library? Try to connect without a password for identity file based, if any error comes then ask for password along with displaying the error message. No need to bother what the error is about. On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi <[email protected]> wrote: > Hi Dave/Hackers, > > I am working on the feature "Option to Skip Password Dialog for Identity > File" #6996 <https://github.com/pgadmin-org/pgadmin4/issues/6996;. > > I initially tried implementing it so that the tunnel password would not be > requested upfront, and would only be prompted on error. However, the > *sshtunnel* library currently returns a generic error message, for which > I have created an issue on the SSHTunnel GitHub repository #305 > <https://github.com/pahaz/sshtunnel/issues/305;. > > This approach introduces multiple scenarios for when to prompt for the > tunnel password, making the code more complex and harder to maintain. > > *Proposed solution:* > Add a new switch *"Prompt for password?"* in the server dialog under the > *SSHTunnel* tab. By default, the switch is set to *false* and is enabled > only when the authentication method is *Identity File*. See the > screenshot below for reference. > [image: Screenshot 2025-09-29 at 7.12.17 PM.png] > > Thoughts/suggestions? > > > Akshay Joshi > > Principal Engineer | Engineering Manager | pgAdmin Hacker > > enterprisedb.com > > * Blog*: https://www.enterprisedb.com/akshay-joshi > * GitHub*: https://github.com/akshay-joshi > * LinkedIn*: https:// <http://goog_373708537; > www.linkedin.com/in/akshay-joshi-a9317b14 > -- Thanks, Aditya Toshniwal pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* <https://www.enterprisedb.com/; "Don't Complain about Heat, Plant a TREE" Attachments: [image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png) download | view image ^ permalink raw reply [nested|flat] 10+ messages in thread
* Re: Regarding feature "Option to skip Password-Dialog for identity file" @ 2025-09-30 05:46 Akshay Joshi <[email protected]> parent: Aditya Toshniwal <[email protected]> 0 siblings, 1 reply; 10+ messages in thread From: Akshay Joshi @ 2025-09-30 05:46 UTC (permalink / raw) To: Aditya Toshniwal <[email protected]>; +Cc: Dave Page <[email protected]>; pgadmin-hackers Hi Aditya, I already mentioned that I tried the same solution you suggested, but there are a few combinations where it’s unclear when exactly we should prompt for the tunnel password. For example, assuming an SSH tunnel with an identity file that does not have a password: 1. When a user connects to the server for the first time, the password dialog for the database server appears if the password has not been saved. If the user enters the wrong password, the error we receive is “SSHTunnel failed to create.” In this case, it’s unclear whether we should prompt for the tunnel password or not. 2. If the SSH tunnel fails to create for reasons other than authentication, the error from the sshtunnel library is not descriptive enough. Again, we don’t know whether prompting for the password is appropriate. Suppose we always prompt for the password after a connection attempt. In that case, the original issue remains; users don’t want to see a prompt if an identity file without a password is provided. That’s why I believe the solution I proposed is the simplest and most user-friendly: if users don’t want to be prompted, they can simply disable the prompt option from the server dialog. On Tue, Sep 30, 2025 at 10:33 AM Aditya Toshniwal < [email protected]> wrote: > Hi Akshay, > > How about we prompt for password irrespective of what is the error from > sshtunnel library? > Try to connect without a password for identity file based, if any error > comes then ask for password along with displaying the error message. No > need to bother what the error is about. > > On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi < > [email protected]> wrote: > >> Hi Dave/Hackers, >> >> I am working on the feature "Option to Skip Password Dialog for Identity >> File" #6996 <https://github.com/pgadmin-org/pgadmin4/issues/6996;. >> >> I initially tried implementing it so that the tunnel password would not >> be requested upfront, and would only be prompted on error. However, the >> *sshtunnel* library currently returns a generic error message, for which >> I have created an issue on the SSHTunnel GitHub repository #305 >> <https://github.com/pahaz/sshtunnel/issues/305;. >> >> This approach introduces multiple scenarios for when to prompt for the >> tunnel password, making the code more complex and harder to maintain. >> >> *Proposed solution:* >> Add a new switch *"Prompt for password?"* in the server dialog under the >> *SSHTunnel* tab. By default, the switch is set to *false* and is enabled >> only when the authentication method is *Identity File*. See the >> screenshot below for reference. >> [image: Screenshot 2025-09-29 at 7.12.17 PM.png] >> >> Thoughts/suggestions? >> >> >> Akshay Joshi >> >> Principal Engineer | Engineering Manager | pgAdmin Hacker >> >> enterprisedb.com >> >> * Blog*: https://www.enterprisedb.com/akshay-joshi >> * GitHub*: https://github.com/akshay-joshi >> * LinkedIn*: https:// <http://goog_373708537; >> www.linkedin.com/in/akshay-joshi-a9317b14 >> > > > -- > Thanks, > Aditya Toshniwal > pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* > <https://www.enterprisedb.com/; > "Don't Complain about Heat, Plant a TREE" > Attachments: [image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png) download | view image ^ permalink raw reply [nested|flat] 10+ messages in thread
* Re: Regarding feature "Option to skip Password-Dialog for identity file" @ 2025-09-30 05:58 Aditya Toshniwal <[email protected]> parent: Akshay Joshi <[email protected]> 0 siblings, 1 reply; 10+ messages in thread From: Aditya Toshniwal @ 2025-09-30 05:58 UTC (permalink / raw) To: Akshay Joshi <[email protected]>; +Cc: Dave Page <[email protected]>; pgadmin-hackers Hi Akshay, Even if you show the password dialog for the first time, the above scenarios are applicable. For the context of showing the password prompt first time or not - I'm suggesting we try first and then show the password prompt. On Tue, Sep 30, 2025 at 11:16 AM Akshay Joshi <[email protected]> wrote: > Hi Aditya, > > I already mentioned that I tried the same solution you suggested, but > there are a few combinations where it’s unclear when exactly we should > prompt for the tunnel password. For example, assuming an SSH tunnel with an > identity file that does not have a password: > > 1. > > When a user connects to the server for the first time, the password > dialog for the database server appears if the password has not been saved. > If the user enters the wrong password, the error we receive is “SSHTunnel > failed to create.” In this case, it’s unclear whether we should prompt for > the tunnel password or not. > 2. > > If the SSH tunnel fails to create for reasons other than > authentication, the error from the sshtunnel library is not descriptive > enough. Again, we don’t know whether prompting for the password is > appropriate. > > Suppose we always prompt for the password after a connection attempt. In > that case, the original issue remains; users don’t want to see a prompt if > an identity file without a password is provided. > > That’s why I believe the solution I proposed is the simplest and most > user-friendly: if users don’t want to be prompted, they can simply disable > the prompt option from the server dialog. > > On Tue, Sep 30, 2025 at 10:33 AM Aditya Toshniwal < > [email protected]> wrote: > >> Hi Akshay, >> >> How about we prompt for password irrespective of what is the error from >> sshtunnel library? >> Try to connect without a password for identity file based, if any error >> comes then ask for password along with displaying the error message. No >> need to bother what the error is about. >> >> On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi < >> [email protected]> wrote: >> >>> Hi Dave/Hackers, >>> >>> I am working on the feature "Option to Skip Password Dialog for Identity >>> File" #6996 <https://github.com/pgadmin-org/pgadmin4/issues/6996;. >>> >>> I initially tried implementing it so that the tunnel password would not >>> be requested upfront, and would only be prompted on error. However, the >>> *sshtunnel* library currently returns a generic error message, for >>> which I have created an issue on the SSHTunnel GitHub repository #305 >>> <https://github.com/pahaz/sshtunnel/issues/305;. >>> >>> This approach introduces multiple scenarios for when to prompt for the >>> tunnel password, making the code more complex and harder to maintain. >>> >>> *Proposed solution:* >>> Add a new switch *"Prompt for password?"* in the server dialog under >>> the *SSHTunnel* tab. By default, the switch is set to *false* and is >>> enabled only when the authentication method is *Identity File*. See the >>> screenshot below for reference. >>> [image: Screenshot 2025-09-29 at 7.12.17 PM.png] >>> >>> Thoughts/suggestions? >>> >>> >>> Akshay Joshi >>> >>> Principal Engineer | Engineering Manager | pgAdmin Hacker >>> >>> enterprisedb.com >>> >>> * Blog*: https://www.enterprisedb.com/akshay-joshi >>> * GitHub*: https://github.com/akshay-joshi >>> * LinkedIn*: https:// <http://goog_373708537; >>> www.linkedin.com/in/akshay-joshi-a9317b14 >>> >> >> >> -- >> Thanks, >> Aditya Toshniwal >> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >> <https://www.enterprisedb.com/; >> "Don't Complain about Heat, Plant a TREE" >> > -- Thanks, Aditya Toshniwal pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* <https://www.enterprisedb.com/; "Don't Complain about Heat, Plant a TREE" Attachments: [image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png) download | view image ^ permalink raw reply [nested|flat] 10+ messages in thread
* Re: Regarding feature "Option to skip Password-Dialog for identity file" @ 2025-09-30 06:06 Akshay Joshi <[email protected]> parent: Aditya Toshniwal <[email protected]> 0 siblings, 1 reply; 10+ messages in thread From: Akshay Joshi @ 2025-09-30 06:06 UTC (permalink / raw) To: Aditya Toshniwal <[email protected]>; +Cc: Dave Page <[email protected]>; pgadmin-hackers On Tue, Sep 30, 2025 at 11:29 AM Aditya Toshniwal < [email protected]> wrote: > Hi Akshay, > > Even if you show the password dialog for the first time, the above > scenarios are applicable. > For the context of showing the password prompt first time or not - I'm > suggesting we try first and then show the password prompt. > I tried that implementation, but what if the user doesn’t want a password prompt at all when the identity file has no password? Do you think the solution you provided fully meets the user’s requirements? > > On Tue, Sep 30, 2025 at 11:16 AM Akshay Joshi < > [email protected]> wrote: > >> Hi Aditya, >> >> I already mentioned that I tried the same solution you suggested, but >> there are a few combinations where it’s unclear when exactly we should >> prompt for the tunnel password. For example, assuming an SSH tunnel with an >> identity file that does not have a password: >> >> 1. >> >> When a user connects to the server for the first time, the password >> dialog for the database server appears if the password has not been saved. >> If the user enters the wrong password, the error we receive is “SSHTunnel >> failed to create.” In this case, it’s unclear whether we should prompt for >> the tunnel password or not. >> 2. >> >> If the SSH tunnel fails to create for reasons other than >> authentication, the error from the sshtunnel library is not descriptive >> enough. Again, we don’t know whether prompting for the password is >> appropriate. >> >> Suppose we always prompt for the password after a connection attempt. In >> that case, the original issue remains; users don’t want to see a prompt if >> an identity file without a password is provided. >> >> That’s why I believe the solution I proposed is the simplest and most >> user-friendly: if users don’t want to be prompted, they can simply disable >> the prompt option from the server dialog. >> >> On Tue, Sep 30, 2025 at 10:33 AM Aditya Toshniwal < >> [email protected]> wrote: >> >>> Hi Akshay, >>> >>> How about we prompt for password irrespective of what is the error from >>> sshtunnel library? >>> Try to connect without a password for identity file based, if any error >>> comes then ask for password along with displaying the error message. No >>> need to bother what the error is about. >>> >>> On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi < >>> [email protected]> wrote: >>> >>>> Hi Dave/Hackers, >>>> >>>> I am working on the feature "Option to Skip Password Dialog for >>>> Identity File" #6996 >>>> <https://github.com/pgadmin-org/pgadmin4/issues/6996;. >>>> >>>> I initially tried implementing it so that the tunnel password would not >>>> be requested upfront, and would only be prompted on error. However, the >>>> *sshtunnel* library currently returns a generic error message, for >>>> which I have created an issue on the SSHTunnel GitHub repository #305 >>>> <https://github.com/pahaz/sshtunnel/issues/305;. >>>> >>>> This approach introduces multiple scenarios for when to prompt for the >>>> tunnel password, making the code more complex and harder to maintain. >>>> >>>> *Proposed solution:* >>>> Add a new switch *"Prompt for password?"* in the server dialog under >>>> the *SSHTunnel* tab. By default, the switch is set to *false* and is >>>> enabled only when the authentication method is *Identity File*. See >>>> the screenshot below for reference. >>>> [image: Screenshot 2025-09-29 at 7.12.17 PM.png] >>>> >>>> Thoughts/suggestions? >>>> >>>> >>>> Akshay Joshi >>>> >>>> Principal Engineer | Engineering Manager | pgAdmin Hacker >>>> >>>> enterprisedb.com >>>> >>>> * Blog*: https://www.enterprisedb.com/akshay-joshi >>>> * GitHub*: https://github.com/akshay-joshi >>>> * LinkedIn*: https:// <http://goog_373708537; >>>> www.linkedin.com/in/akshay-joshi-a9317b14 >>>> >>> >>> >>> -- >>> Thanks, >>> Aditya Toshniwal >>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >>> <https://www.enterprisedb.com/; >>> "Don't Complain about Heat, Plant a TREE" >>> >> > > -- > Thanks, > Aditya Toshniwal > pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* > <https://www.enterprisedb.com/; > "Don't Complain about Heat, Plant a TREE" > Attachments: [image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png) download | view image ^ permalink raw reply [nested|flat] 10+ messages in thread
* Re: Regarding feature "Option to skip Password-Dialog for identity file" @ 2025-09-30 06:11 Aditya Toshniwal <[email protected]> parent: Akshay Joshi <[email protected]> 0 siblings, 1 reply; 10+ messages in thread From: Aditya Toshniwal @ 2025-09-30 06:11 UTC (permalink / raw) To: Akshay Joshi <[email protected]>; +Cc: Dave Page <[email protected]>; pgadmin-hackers Hi Akshay, On Tue, Sep 30, 2025 at 11:36 AM Akshay Joshi <[email protected]> wrote: > > > On Tue, Sep 30, 2025 at 11:29 AM Aditya Toshniwal < > [email protected]> wrote: > >> Hi Akshay, >> >> Even if you show the password dialog for the first time, the above >> scenarios are applicable. >> For the context of showing the password prompt first time or not - I'm >> suggesting we try first and then show the password prompt. >> > > I tried that implementation, but what if the user doesn’t want a > password prompt at all when the identity file has no password? Do you think > the solution you provided fully meets the user’s requirements? > It will work the same as the existing flow. Users can proceed without entering any password. > >> On Tue, Sep 30, 2025 at 11:16 AM Akshay Joshi < >> [email protected]> wrote: >> >>> Hi Aditya, >>> >>> I already mentioned that I tried the same solution you suggested, but >>> there are a few combinations where it’s unclear when exactly we should >>> prompt for the tunnel password. For example, assuming an SSH tunnel with an >>> identity file that does not have a password: >>> >>> 1. >>> >>> When a user connects to the server for the first time, the password >>> dialog for the database server appears if the password has not been saved. >>> If the user enters the wrong password, the error we receive is “SSHTunnel >>> failed to create.” In this case, it’s unclear whether we should prompt for >>> the tunnel password or not. >>> 2. >>> >>> If the SSH tunnel fails to create for reasons other than >>> authentication, the error from the sshtunnel library is not descriptive >>> enough. Again, we don’t know whether prompting for the password is >>> appropriate. >>> >>> Suppose we always prompt for the password after a connection attempt. In >>> that case, the original issue remains; users don’t want to see a prompt if >>> an identity file without a password is provided. >>> >>> That’s why I believe the solution I proposed is the simplest and most >>> user-friendly: if users don’t want to be prompted, they can simply disable >>> the prompt option from the server dialog. >>> >>> On Tue, Sep 30, 2025 at 10:33 AM Aditya Toshniwal < >>> [email protected]> wrote: >>> >>>> Hi Akshay, >>>> >>>> How about we prompt for password irrespective of what is the error from >>>> sshtunnel library? >>>> Try to connect without a password for identity file based, if any error >>>> comes then ask for password along with displaying the error message. No >>>> need to bother what the error is about. >>>> >>>> On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi < >>>> [email protected]> wrote: >>>> >>>>> Hi Dave/Hackers, >>>>> >>>>> I am working on the feature "Option to Skip Password Dialog for >>>>> Identity File" #6996 >>>>> <https://github.com/pgadmin-org/pgadmin4/issues/6996;. >>>>> >>>>> I initially tried implementing it so that the tunnel password would >>>>> not be requested upfront, and would only be prompted on error. However, the >>>>> *sshtunnel* library currently returns a generic error message, for >>>>> which I have created an issue on the SSHTunnel GitHub repository #305 >>>>> <https://github.com/pahaz/sshtunnel/issues/305;. >>>>> >>>>> This approach introduces multiple scenarios for when to prompt for the >>>>> tunnel password, making the code more complex and harder to maintain. >>>>> >>>>> *Proposed solution:* >>>>> Add a new switch *"Prompt for password?"* in the server dialog under >>>>> the *SSHTunnel* tab. By default, the switch is set to *false* and is >>>>> enabled only when the authentication method is *Identity File*. See >>>>> the screenshot below for reference. >>>>> [image: Screenshot 2025-09-29 at 7.12.17 PM.png] >>>>> >>>>> Thoughts/suggestions? >>>>> >>>>> >>>>> Akshay Joshi >>>>> >>>>> Principal Engineer | Engineering Manager | pgAdmin Hacker >>>>> >>>>> enterprisedb.com >>>>> >>>>> * Blog*: https://www.enterprisedb.com/akshay-joshi >>>>> * GitHub*: https://github.com/akshay-joshi >>>>> * LinkedIn*: https:// <http://goog_373708537; >>>>> www.linkedin.com/in/akshay-joshi-a9317b14 >>>>> >>>> >>>> >>>> -- >>>> Thanks, >>>> Aditya Toshniwal >>>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >>>> <https://www.enterprisedb.com/; >>>> "Don't Complain about Heat, Plant a TREE" >>>> >>> >> >> -- >> Thanks, >> Aditya Toshniwal >> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >> <https://www.enterprisedb.com/; >> "Don't Complain about Heat, Plant a TREE" >> > -- Thanks, Aditya Toshniwal pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* <https://www.enterprisedb.com/; "Don't Complain about Heat, Plant a TREE" Attachments: [image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png) download | view image ^ permalink raw reply [nested|flat] 10+ messages in thread
* Re: Regarding feature "Option to skip Password-Dialog for identity file" @ 2025-09-30 06:20 Akshay Joshi <[email protected]> parent: Aditya Toshniwal <[email protected]> 0 siblings, 1 reply; 10+ messages in thread From: Akshay Joshi @ 2025-09-30 06:20 UTC (permalink / raw) To: Aditya Toshniwal <[email protected]>; +Cc: Dave Page <[email protected]>; pgadmin-hackers On Tue, Sep 30, 2025 at 11:41 AM Aditya Toshniwal < [email protected]> wrote: > Hi Akshay, > > On Tue, Sep 30, 2025 at 11:36 AM Akshay Joshi < > [email protected]> wrote: > >> >> >> On Tue, Sep 30, 2025 at 11:29 AM Aditya Toshniwal < >> [email protected]> wrote: >> >>> Hi Akshay, >>> >>> Even if you show the password dialog for the first time, the above >>> scenarios are applicable. >>> For the context of showing the password prompt first time or not - I'm >>> suggesting we try first and then show the password prompt. >>> >> >> I tried that implementation, but what if the user doesn’t want a >> password prompt at all when the identity file has no password? Do you think >> the solution you provided fully meets the user’s requirements? >> > It will work the same as the existing flow. Users can proceed without > entering any password. > That’s exactly what the user doesn’t want. The feature request has a clear subject line: *“Option to skip Password-Dialog for identity file.”* Similar requests have been raised by other users in the past, which we closed as duplicates. > >>> On Tue, Sep 30, 2025 at 11:16 AM Akshay Joshi < >>> [email protected]> wrote: >>> >>>> Hi Aditya, >>>> >>>> I already mentioned that I tried the same solution you suggested, but >>>> there are a few combinations where it’s unclear when exactly we should >>>> prompt for the tunnel password. For example, assuming an SSH tunnel with an >>>> identity file that does not have a password: >>>> >>>> 1. >>>> >>>> When a user connects to the server for the first time, the password >>>> dialog for the database server appears if the password has not been saved. >>>> If the user enters the wrong password, the error we receive is “SSHTunnel >>>> failed to create.” In this case, it’s unclear whether we should prompt for >>>> the tunnel password or not. >>>> 2. >>>> >>>> If the SSH tunnel fails to create for reasons other than >>>> authentication, the error from the sshtunnel library is not descriptive >>>> enough. Again, we don’t know whether prompting for the password is >>>> appropriate. >>>> >>>> Suppose we always prompt for the password after a connection attempt. >>>> In that case, the original issue remains; users don’t want to see a prompt >>>> if an identity file without a password is provided. >>>> >>>> That’s why I believe the solution I proposed is the simplest and most >>>> user-friendly: if users don’t want to be prompted, they can simply disable >>>> the prompt option from the server dialog. >>>> >>>> On Tue, Sep 30, 2025 at 10:33 AM Aditya Toshniwal < >>>> [email protected]> wrote: >>>> >>>>> Hi Akshay, >>>>> >>>>> How about we prompt for password irrespective of what is the error >>>>> from sshtunnel library? >>>>> Try to connect without a password for identity file based, if any >>>>> error comes then ask for password along with displaying the error message. >>>>> No need to bother what the error is about. >>>>> >>>>> On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Dave/Hackers, >>>>>> >>>>>> I am working on the feature "Option to Skip Password Dialog for >>>>>> Identity File" #6996 >>>>>> <https://github.com/pgadmin-org/pgadmin4/issues/6996;. >>>>>> >>>>>> I initially tried implementing it so that the tunnel password would >>>>>> not be requested upfront, and would only be prompted on error. However, the >>>>>> *sshtunnel* library currently returns a generic error message, for >>>>>> which I have created an issue on the SSHTunnel GitHub repository #305 >>>>>> <https://github.com/pahaz/sshtunnel/issues/305;. >>>>>> >>>>>> This approach introduces multiple scenarios for when to prompt for >>>>>> the tunnel password, making the code more complex and harder to maintain. >>>>>> >>>>>> *Proposed solution:* >>>>>> Add a new switch *"Prompt for password?"* in the server dialog under >>>>>> the *SSHTunnel* tab. By default, the switch is set to *false* and is >>>>>> enabled only when the authentication method is *Identity File*. See >>>>>> the screenshot below for reference. >>>>>> [image: Screenshot 2025-09-29 at 7.12.17 PM.png] >>>>>> >>>>>> Thoughts/suggestions? >>>>>> >>>>>> >>>>>> Akshay Joshi >>>>>> >>>>>> Principal Engineer | Engineering Manager | pgAdmin Hacker >>>>>> >>>>>> enterprisedb.com >>>>>> >>>>>> * Blog*: https://www.enterprisedb.com/akshay-joshi >>>>>> * GitHub*: https://github.com/akshay-joshi >>>>>> * LinkedIn*: https:// <http://goog_373708537; >>>>>> www.linkedin.com/in/akshay-joshi-a9317b14 >>>>>> >>>>> >>>>> >>>>> -- >>>>> Thanks, >>>>> Aditya Toshniwal >>>>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >>>>> <https://www.enterprisedb.com/; >>>>> "Don't Complain about Heat, Plant a TREE" >>>>> >>>> >>> >>> -- >>> Thanks, >>> Aditya Toshniwal >>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >>> <https://www.enterprisedb.com/; >>> "Don't Complain about Heat, Plant a TREE" >>> >> > > -- > Thanks, > Aditya Toshniwal > pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* > <https://www.enterprisedb.com/; > "Don't Complain about Heat, Plant a TREE" > Attachments: [image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png) download | view image ^ permalink raw reply [nested|flat] 10+ messages in thread
* Re: Regarding feature "Option to skip Password-Dialog for identity file" @ 2025-09-30 06:25 Aditya Toshniwal <[email protected]> parent: Akshay Joshi <[email protected]> 0 siblings, 1 reply; 10+ messages in thread From: Aditya Toshniwal @ 2025-09-30 06:25 UTC (permalink / raw) To: Akshay Joshi <[email protected]>; +Cc: Dave Page <[email protected]>; pgadmin-hackers Hi Akshay, On Tue, Sep 30, 2025 at 11:50 AM Akshay Joshi <[email protected]> wrote: > > > On Tue, Sep 30, 2025 at 11:41 AM Aditya Toshniwal < > [email protected]> wrote: > >> Hi Akshay, >> >> On Tue, Sep 30, 2025 at 11:36 AM Akshay Joshi < >> [email protected]> wrote: >> >>> >>> >>> On Tue, Sep 30, 2025 at 11:29 AM Aditya Toshniwal < >>> [email protected]> wrote: >>> >>>> Hi Akshay, >>>> >>>> Even if you show the password dialog for the first time, the above >>>> scenarios are applicable. >>>> For the context of showing the password prompt first time or not - I'm >>>> suggesting we try first and then show the password prompt. >>>> >>> >>> I tried that implementation, but what if the user doesn’t want a >>> password prompt at all when the identity file has no password? Do you think >>> the solution you provided fully meets the user’s requirements? >>> >> It will work the same as the existing flow. Users can proceed without >> entering any password. >> > > That’s exactly what the user doesn’t want. The feature request has a > clear subject line: *“Option to skip Password-Dialog for identity file.”* > Similar requests have been raised by other users in the past, which we > closed as duplicates. > The request is to skip the password initially when connecting if an identity file is used. Subsequent prompts cannot be avoided if the connection fails. Later this can be improved further in future once sshtunnel provide more details. > >>>> On Tue, Sep 30, 2025 at 11:16 AM Akshay Joshi < >>>> [email protected]> wrote: >>>> >>>>> Hi Aditya, >>>>> >>>>> I already mentioned that I tried the same solution you suggested, but >>>>> there are a few combinations where it’s unclear when exactly we should >>>>> prompt for the tunnel password. For example, assuming an SSH tunnel with an >>>>> identity file that does not have a password: >>>>> >>>>> 1. >>>>> >>>>> When a user connects to the server for the first time, the >>>>> password dialog for the database server appears if the password has not >>>>> been saved. If the user enters the wrong password, the error we receive is >>>>> “SSHTunnel failed to create.” In this case, it’s unclear whether we should >>>>> prompt for the tunnel password or not. >>>>> 2. >>>>> >>>>> If the SSH tunnel fails to create for reasons other than >>>>> authentication, the error from the sshtunnel library is not descriptive >>>>> enough. Again, we don’t know whether prompting for the password is >>>>> appropriate. >>>>> >>>>> Suppose we always prompt for the password after a connection attempt. >>>>> In that case, the original issue remains; users don’t want to see a prompt >>>>> if an identity file without a password is provided. >>>>> >>>>> That’s why I believe the solution I proposed is the simplest and most >>>>> user-friendly: if users don’t want to be prompted, they can simply disable >>>>> the prompt option from the server dialog. >>>>> >>>>> On Tue, Sep 30, 2025 at 10:33 AM Aditya Toshniwal < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Akshay, >>>>>> >>>>>> How about we prompt for password irrespective of what is the error >>>>>> from sshtunnel library? >>>>>> Try to connect without a password for identity file based, if any >>>>>> error comes then ask for password along with displaying the error message. >>>>>> No need to bother what the error is about. >>>>>> >>>>>> On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi Dave/Hackers, >>>>>>> >>>>>>> I am working on the feature "Option to Skip Password Dialog for >>>>>>> Identity File" #6996 >>>>>>> <https://github.com/pgadmin-org/pgadmin4/issues/6996;. >>>>>>> >>>>>>> I initially tried implementing it so that the tunnel password would >>>>>>> not be requested upfront, and would only be prompted on error. However, the >>>>>>> *sshtunnel* library currently returns a generic error message, for >>>>>>> which I have created an issue on the SSHTunnel GitHub repository >>>>>>> #305 <https://github.com/pahaz/sshtunnel/issues/305;. >>>>>>> >>>>>>> This approach introduces multiple scenarios for when to prompt for >>>>>>> the tunnel password, making the code more complex and harder to maintain. >>>>>>> >>>>>>> *Proposed solution:* >>>>>>> Add a new switch *"Prompt for password?"* in the server dialog >>>>>>> under the *SSHTunnel* tab. By default, the switch is set to *false* >>>>>>> and is enabled only when the authentication method is *Identity >>>>>>> File*. See the screenshot below for reference. >>>>>>> [image: Screenshot 2025-09-29 at 7.12.17 PM.png] >>>>>>> >>>>>>> Thoughts/suggestions? >>>>>>> >>>>>>> >>>>>>> Akshay Joshi >>>>>>> >>>>>>> Principal Engineer | Engineering Manager | pgAdmin Hacker >>>>>>> >>>>>>> enterprisedb.com >>>>>>> >>>>>>> * Blog*: https://www.enterprisedb.com/akshay-joshi >>>>>>> * GitHub*: https://github.com/akshay-joshi >>>>>>> * LinkedIn*: https:// <http://goog_373708537; >>>>>>> www.linkedin.com/in/akshay-joshi-a9317b14 >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Thanks, >>>>>> Aditya Toshniwal >>>>>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >>>>>> <https://www.enterprisedb.com/; >>>>>> "Don't Complain about Heat, Plant a TREE" >>>>>> >>>>> >>>> >>>> -- >>>> Thanks, >>>> Aditya Toshniwal >>>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >>>> <https://www.enterprisedb.com/; >>>> "Don't Complain about Heat, Plant a TREE" >>>> >>> >> >> -- >> Thanks, >> Aditya Toshniwal >> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >> <https://www.enterprisedb.com/; >> "Don't Complain about Heat, Plant a TREE" >> > -- Thanks, Aditya Toshniwal pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* <https://www.enterprisedb.com/; "Don't Complain about Heat, Plant a TREE" Attachments: [image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png) download | view image ^ permalink raw reply [nested|flat] 10+ messages in thread
* Re: Regarding feature "Option to skip Password-Dialog for identity file" @ 2025-09-30 07:37 Akshay Joshi <[email protected]> parent: Aditya Toshniwal <[email protected]> 0 siblings, 1 reply; 10+ messages in thread From: Akshay Joshi @ 2025-09-30 07:37 UTC (permalink / raw) To: Aditya Toshniwal <[email protected]>; +Cc: Dave Page <[email protected]>; pgadmin-hackers On Tue, Sep 30, 2025 at 11:56 AM Aditya Toshniwal < [email protected]> wrote: > Hi Akshay, > > On Tue, Sep 30, 2025 at 11:50 AM Akshay Joshi < > [email protected]> wrote: > >> >> >> On Tue, Sep 30, 2025 at 11:41 AM Aditya Toshniwal < >> [email protected]> wrote: >> >>> Hi Akshay, >>> >>> On Tue, Sep 30, 2025 at 11:36 AM Akshay Joshi < >>> [email protected]> wrote: >>> >>>> >>>> >>>> On Tue, Sep 30, 2025 at 11:29 AM Aditya Toshniwal < >>>> [email protected]> wrote: >>>> >>>>> Hi Akshay, >>>>> >>>>> Even if you show the password dialog for the first time, the above >>>>> scenarios are applicable. >>>>> For the context of showing the password prompt first time or not - I'm >>>>> suggesting we try first and then show the password prompt. >>>>> >>>> >>>> I tried that implementation, but what if the user doesn’t want a >>>> password prompt at all when the identity file has no password? Do you think >>>> the solution you provided fully meets the user’s requirements? >>>> >>> It will work the same as the existing flow. Users can proceed without >>> entering any password. >>> >> >> That’s exactly what the user doesn’t want. The feature request has a >> clear subject line: *“Option to skip Password-Dialog for identity file.”* >> Similar requests have been raised by other users in the past, which we >> closed as duplicates. >> > The request is to skip the password initially when connecting if an > identity file is used. Subsequent prompts cannot be avoided if the > connection fails. > Later this can be improved further in future once sshtunnel provide more > details. > I’m not convinced by this solution. Could you explain what issues you see with the approach I proposed? To me, it seems simple: if a user has an identity file without a password, disable the prompt; if the identity file has a password, enable the prompt. Straightforward. I’ll wait for Dave or others to share their thoughts on this. > >>>>> On Tue, Sep 30, 2025 at 11:16 AM Akshay Joshi < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Aditya, >>>>>> >>>>>> I already mentioned that I tried the same solution you suggested, but >>>>>> there are a few combinations where it’s unclear when exactly we should >>>>>> prompt for the tunnel password. For example, assuming an SSH tunnel with an >>>>>> identity file that does not have a password: >>>>>> >>>>>> 1. >>>>>> >>>>>> When a user connects to the server for the first time, the >>>>>> password dialog for the database server appears if the password has not >>>>>> been saved. If the user enters the wrong password, the error we receive is >>>>>> “SSHTunnel failed to create.” In this case, it’s unclear whether we should >>>>>> prompt for the tunnel password or not. >>>>>> 2. >>>>>> >>>>>> If the SSH tunnel fails to create for reasons other than >>>>>> authentication, the error from the sshtunnel library is not descriptive >>>>>> enough. Again, we don’t know whether prompting for the password is >>>>>> appropriate. >>>>>> >>>>>> Suppose we always prompt for the password after a connection attempt. >>>>>> In that case, the original issue remains; users don’t want to see a prompt >>>>>> if an identity file without a password is provided. >>>>>> >>>>>> That’s why I believe the solution I proposed is the simplest and most >>>>>> user-friendly: if users don’t want to be prompted, they can simply disable >>>>>> the prompt option from the server dialog. >>>>>> >>>>>> On Tue, Sep 30, 2025 at 10:33 AM Aditya Toshniwal < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi Akshay, >>>>>>> >>>>>>> How about we prompt for password irrespective of what is the error >>>>>>> from sshtunnel library? >>>>>>> Try to connect without a password for identity file based, if any >>>>>>> error comes then ask for password along with displaying the error message. >>>>>>> No need to bother what the error is about. >>>>>>> >>>>>>> On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi Dave/Hackers, >>>>>>>> >>>>>>>> I am working on the feature "Option to Skip Password Dialog for >>>>>>>> Identity File" #6996 >>>>>>>> <https://github.com/pgadmin-org/pgadmin4/issues/6996;. >>>>>>>> >>>>>>>> I initially tried implementing it so that the tunnel password would >>>>>>>> not be requested upfront, and would only be prompted on error. However, the >>>>>>>> *sshtunnel* library currently returns a generic error message, for >>>>>>>> which I have created an issue on the SSHTunnel GitHub repository >>>>>>>> #305 <https://github.com/pahaz/sshtunnel/issues/305;. >>>>>>>> >>>>>>>> This approach introduces multiple scenarios for when to prompt for >>>>>>>> the tunnel password, making the code more complex and harder to maintain. >>>>>>>> >>>>>>>> *Proposed solution:* >>>>>>>> Add a new switch *"Prompt for password?"* in the server dialog >>>>>>>> under the *SSHTunnel* tab. By default, the switch is set to *false* >>>>>>>> and is enabled only when the authentication method is *Identity >>>>>>>> File*. See the screenshot below for reference. >>>>>>>> [image: Screenshot 2025-09-29 at 7.12.17 PM.png] >>>>>>>> >>>>>>>> Thoughts/suggestions? >>>>>>>> >>>>>>>> >>>>>>>> Akshay Joshi >>>>>>>> >>>>>>>> Principal Engineer | Engineering Manager | pgAdmin Hacker >>>>>>>> >>>>>>>> enterprisedb.com >>>>>>>> >>>>>>>> * Blog*: https://www.enterprisedb.com/akshay-joshi >>>>>>>> * GitHub*: https://github.com/akshay-joshi >>>>>>>> * LinkedIn*: https:// <http://goog_373708537; >>>>>>>> www.linkedin.com/in/akshay-joshi-a9317b14 >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Thanks, >>>>>>> Aditya Toshniwal >>>>>>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >>>>>>> <https://www.enterprisedb.com/; >>>>>>> "Don't Complain about Heat, Plant a TREE" >>>>>>> >>>>>> >>>>> >>>>> -- >>>>> Thanks, >>>>> Aditya Toshniwal >>>>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >>>>> <https://www.enterprisedb.com/; >>>>> "Don't Complain about Heat, Plant a TREE" >>>>> >>>> >>> >>> -- >>> Thanks, >>> Aditya Toshniwal >>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* >>> <https://www.enterprisedb.com/; >>> "Don't Complain about Heat, Plant a TREE" >>> >> > > -- > Thanks, > Aditya Toshniwal > pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* > <https://www.enterprisedb.com/; > "Don't Complain about Heat, Plant a TREE" > Attachments: [image/png] Screenshot 2025-09-29 at 7.12.17 PM.png (138.4K, 3-Screenshot%202025-09-29%20at%207.12.17%E2%80%AFPM.png) download | view image ^ permalink raw reply [nested|flat] 10+ messages in thread
* Re: Regarding feature "Option to skip Password-Dialog for identity file" @ 2025-09-30 08:10 Dave Page <[email protected]> parent: Akshay Joshi <[email protected]> 0 siblings, 0 replies; 10+ messages in thread From: Dave Page @ 2025-09-30 08:10 UTC (permalink / raw) To: Akshay Joshi <[email protected]>; +Cc: Aditya Toshniwal <[email protected]>; pgadmin-hackers On Tue, 30 Sept 2025 at 08:37, Akshay Joshi <[email protected]> wrote: > > > On Tue, Sep 30, 2025 at 11:56 AM Aditya Toshniwal < > [email protected]> wrote: > >> Hi Akshay, >> >> On Tue, Sep 30, 2025 at 11:50 AM Akshay Joshi < >> [email protected]> wrote: >> >>> >>> >>> On Tue, Sep 30, 2025 at 11:41 AM Aditya Toshniwal < >>> [email protected]> wrote: >>> >>>> Hi Akshay, >>>> >>>> On Tue, Sep 30, 2025 at 11:36 AM Akshay Joshi < >>>> [email protected]> wrote: >>>> >>>>> >>>>> >>>>> On Tue, Sep 30, 2025 at 11:29 AM Aditya Toshniwal < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Akshay, >>>>>> >>>>>> Even if you show the password dialog for the first time, the above >>>>>> scenarios are applicable. >>>>>> For the context of showing the password prompt first time or not - >>>>>> I'm suggesting we try first and then show the password prompt. >>>>>> >>>>> >>>>> I tried that implementation, but what if the user doesn’t want a >>>>> password prompt at all when the identity file has no password? Do you think >>>>> the solution you provided fully meets the user’s requirements? >>>>> >>>> It will work the same as the existing flow. Users can proceed without >>>> entering any password. >>>> >>> >>> That’s exactly what the user doesn’t want. The feature request has a >>> clear subject line: *“Option to skip Password-Dialog for identity >>> file.”* Similar requests have been raised by other users in the past, >>> which we closed as duplicates. >>> >> The request is to skip the password initially when connecting if an >> identity file is used. Subsequent prompts cannot be avoided if the >> connection fails. >> Later this can be improved further in future once sshtunnel provide more >> details. >> > I’m not convinced by this solution. Could you explain what issues you see > with the approach I proposed? To me, it seems simple: if a user has an > identity file without a password, disable the prompt; if the identity file > has a password, enable the prompt. Straightforward. > I’ll wait for Dave or others to share their thoughts on this. > I'd prefer to try to handle this more as Aditya suggests, to avoid having an additional config option. However, it certainly sounds like the ssh library makes this impractical and potentially confusing, so I think the cleanest and most usable solution is likely to add the "Prompt for password" checkbox that Akshay suggests. -- Dave Page pgAdmin: https://www.pgadmin.org PostgreSQL: https://www.postgresql.org pgEdge: https://www.pgedge.com ^ permalink raw reply [nested|flat] 10+ messages in thread
end of thread, other threads:[~2025-09-30 08:10 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed) -- links below jump to the message on this page -- 2025-09-29 13:57 Regarding feature "Option to skip Password-Dialog for identity file" Akshay Joshi <[email protected]> 2025-09-30 05:03 ` Aditya Toshniwal <[email protected]> 2025-09-30 05:46 ` Akshay Joshi <[email protected]> 2025-09-30 05:58 ` Aditya Toshniwal <[email protected]> 2025-09-30 06:06 ` Akshay Joshi <[email protected]> 2025-09-30 06:11 ` Aditya Toshniwal <[email protected]> 2025-09-30 06:20 ` Akshay Joshi <[email protected]> 2025-09-30 06:25 ` Aditya Toshniwal <[email protected]> 2025-09-30 07:37 ` Akshay Joshi <[email protected]> 2025-09-30 08:10 ` Dave Page <[email protected]>
This inbox is served by agora; see mirroring instructions for how to clone and mirror all data and code used for this inbox