Hi

On Mon, Sep 4, 2017 at 2:55 PM, Murtuza Zabuawala <murtuza.zabuaw...@enterprisedb.com> wrote:

> Hi Dave,
>
> Can we at least commit the patch?
>
> In future, if users complain regarding SSL default path behaviour in
> server mode then adding default null file wouldn't be a big change if
> required.
>

I'm not concerned about complaints on the behaviour, I'm concerned about complaints that it's a security risk if we have multiple users inadvertently able to read a certificate and key owned by the webserver account.

Ashesh/Akshay - please read the thread and provide your feedback. Others chime in if you have anything as well please.

Thanks.

>
> On Wed, Aug 30, 2017 at 2:23 PM, Dave Page <dp...@pgadmin.org> wrote:
>
>> Hi
>>
>> On Wed, Aug 30, 2017 at 6:49 AM, Murtuza Zabuawala <
>> murtuza.zabuaw...@enterprisedb.com> wrote:
>>
>>> Hi Dave,
>>>
>>> PFA updated patch with new screenshots and docs accordingly.
>>>
>>> RM#2649 & RM#2650
>>>
>>> On Tue, Aug 29, 2017 at 7:51 PM, Dave Page <dp...@pgadmin.org> wrote:
>>>
>>>> Hi
>>>>
>>>> On Fri, Aug 25, 2017 at 2:45 PM, Murtuza Zabuawala <
>>>> murtuza.zabuaw...@enterprisedb.com> wrote:
>>>>
>>>>> Hi Dave,
>>>>>
>>>>> Please find updated patch,
>>>>> - For displaying hidden files I have added preference option in
>>>>> Storage section.
>>>>>
>>>>
>>>> How painful would it be to include it on the file dialogue as well?
>>>>
>>> Done
>>>
>>>>
>>>>> - Updated Docs & Screenshots.
>>>>> - User can use 'prefer' option to enable SSL options.
>>>>>
>>>>
>>>> Cool.
>>>>
>>>> A couple of other things I realised in playing with this:
>>>>
>>>> 1) The SSL tab should come before Advanced I think.
>>>>
>>> Done
>>>
>>>>
>>>> 2) The docs now mention the default SSL files. In server mode, using
>>>> defaults is probably a bad idea I suspect (because they would be shared).
>>>> Should we force the values to /dev/null (and whatever is appropriate on
>>>> Windows) if running in server mode? Users can always override that with
>>>> something from their storage area.
>>>>
>>>> Thoughts?
>>>>
>>> In my opinion we should not force users to provide certificates, we
>>> can let them decide how they want to configure it.
>>>
>>
>> It's not about forcing them to provide them, it's about preventing them
>> from using defaults which may be owned by the user that the app runs as on
>> a server, but that should not be (unless explicitly allowed by the
>> sysadmin) accessible to every pgAdmin user.
>>
>> Thoughts from others? Ashesh?
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>>
>

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
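
The server-mode behaviour proposed in this thread (default SSL files forced to the null device, overrides accepted only from the user's storage area), sketched as an added example that is not part of the original messages and is not pgAdmin's code. The function name `resolve_ssl_files` and its arguments are hypothetical; the four parameter names are the libpq settings that point at client-side SSL files.

```python
import os
from pathlib import Path

# libpq connection parameters that point at client-side SSL files.
SSL_FILE_PARAMS = ("sslcert", "sslkey", "sslrootcert", "sslcrl")


def resolve_ssl_files(params, server_mode, storage_dir=None):
    """Return a copy of params with the SSL file parameters made safe.

    Hypothetical helper. Desktop mode: values pass through, so unset ones
    keep the libpq defaults. Server mode: unset values become the null
    device, so the defaults of the account running the web server are never
    used, and set values must resolve to a path inside storage_dir.
    """
    resolved = dict(params)
    if not server_mode:
        return resolved
    if storage_dir is None:
        raise ValueError("server mode needs a per-user storage directory")
    root = Path(storage_dir).resolve()
    for name in SSL_FILE_PARAMS:
        value = resolved.get(name)
        if not value:
            resolved[name] = os.devnull  # "/dev/null" on POSIX, "nul" on Windows
            continue
        # Joining an absolute value discards root, so absolute paths outside
        # the storage area fail the containment check too, as do ".." and
        # symlink escapes once resolve() has normalised the path.
        candidate = (root / value).resolve()
        if root not in candidate.parents:
            raise PermissionError(f"{name} must be a file inside the user's storage area")
        resolved[name] = str(candidate)
    return resolved


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as storage:  # constructed sample storage area
        print(resolve_ssl_files({"sslmode": "prefer", "sslcert": "certs/me.crt"}, True, storage))
```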