Re: Python access to macOS keychain - Mailing list pgadmin-support

From FWS Neil
Subject Re: Python access to macOS keychain
Msg-id 158C0CCC-1898-4DC3-942C-A8E6AB869E57@fairwindsoft.com
In response to Re: Python access to macOS keychain  (Nikhil Mohite <nikhil.mohite@enterprisedb.com>)
Responses Re: Python access to macOS keychain  (Aditya Toshniwal <aditya.toshniwal@enterprisedb.com>)
List pgadmin-support
Nikhil,

A couple of problems.  “Always allow” does not sound python pid specific.  Are you saying that it is?  If I just click “Allow”, I have to do the same for every defined connection even if the connection is not being used. As far as I know I don’t have any stored passwords. I think someone should seriously reconsider how this all works.

I cannot find any place to select “Do not store passwords” which would be fine for me.

Neil

On Jan 1, 2024, at 4:23 AM, Nikhil Mohite <nikhil.mohite@enterprisedb.com> wrote:

Hi Neil,

pgAdmin uses a Keychain to store the pgAdmin server passwords if users opt for save password functionality. Keychain access is Python process-specific. Hence allowing keychain access to the python process requested by pgAdmin will be specific to this python pid. We are trying to add a pgAdmin name in the warning where it asks to allow keychain access.


On Sun, Dec 24, 2023 at 10:12 PM Neil <neil@fairwindsoft.com> wrote:
When I start pgAdmin on macOS, I get a request to allow ‘Python’ access to my keychain.

Allowing ‘Python’ unfettered access to my keychain is not acceptable.  I would, however, allow pgAdmin to access my keychain.

I understand that pgAdmin is using python.

Can someone explain or point to an explanation about the security implications of allowing ‘Python’ to access my keychain?

Is this really an unlimited authority for any Python process to access my keychain as the dialog implies?

Thanks,
Neil



Thanks,
Nikhil 
