Re: Python access to macOS keychain

From Aditya Toshniwal
Subject Re: Python access to macOS keychain
Date
Msg-id CAM9w-_nDyt8-M2Z3_QrX9sz+9T9SWYN0JUz3+Mb+AiGTniRfLg@mail.gmail.com
In reply to Re: Python access to macOS keychain  (FWS Neil <neil@fairwindsoft.com>)
List pgadmin-support
Hi Neil,

pgAdmin tries to access the passwords saved by pgAdmin for each server here and that's why it is asking multiple times. "Always allow" means pgAdmin can access the passwords saved by pgAdmin any number of times. We can try to add a check if the password is stored then only access, but that will only reduce the count of "asks" if that's what you want.
As mentioned by Nikhil, pgAdmin backend runs in a python process and when you allow it you're allowing that process only. Once you close pgAdmin, the backend process stops and permissions are gone as well.

On Wed, Jan 3, 2024 at 12:06 AM FWS Neil <neil@fairwindsoft.com> wrote:
Nikhil,

A couple of problems. “Always allow” does not sound python pid specific. Are you saying that it is? If I just click “Allow”, I have to do the same for every defined connection even if the connection is not being used. As far as I know I don’t have any stored passwords. I think someone should seriously reconsider how this all works.

I cannot find any place to select “Do not store passwords” which would be fine for me.

Neil

On Jan 1, 2024, at 4:23 AM, Nikhil Mohite <nikhil.mohite@enterprisedb.com> wrote:

Hi Neil,

pgAdmin uses a Keychain to store the pgAdmin server passwords if users opt for save password functionality. Keychain access is Python process-specific. Hence allowing keychain access to the python process requested by pgAdmin will be specific to this python pid. We are trying to add a pgAdmin name in the warning where it asks to allow keychain access.


On Sun, Dec 24, 2023 at 10:12 PM Neil <neil@fairwindsoft.com> wrote:
When I start pgAdmin on macOS, I get a request to allow ‘Python’ access to my keychain.

Allowing ‘Python’ unfettered access to my keychain is not acceptable. I would, however, allow pgAdmin to access my keychain.

I understand that pgAdmin is using python.

Can someone explain or point to an explanation about the security implications of allowing ‘Python’ to access my keychain?

Is this really an unlimited authority for any Python process to access my keychain as the dialog implies?

Thanks,
Neil



Thanks,
Nikhil 



--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Sr. Software Architect | enterprisedb.com
"Don't Complain about Heat, Plant a TREE"
