Comments (8)
gboudreau
commented on May 16, 2024
1
We can just look in the file, and if we see PRIVATE KEY----- twice, it should be good.
Most ppl use RSA keys, which contain -----BEGIN RSA PRIVATE KEY----- and the equivalent end tag, but I myself use an ED25519 key, which contains -----BEGIN OPENSSH PRIVATE KEY-----. Looking for just the common suffix should be good enough.
from sequel-ace.
jamesstout
commented on May 16, 2024
1
I've updated my branch with some better validation: https://github.com/jamesstout/Sequel-Ace/tree/more-permissions
from sequel-ace.
jamesstout
commented on May 16, 2024
Should be a simple change to this validation:
Sequel-Ace/Source/SPConnectionController.m
Lines 616 to 620 in 3995181
EDIT: No, not as simple as that, SP of course has it's own data/line parsing code....
from sequel-ace.
jamesstout
commented on May 16, 2024
Most ppl use RSA keys, which contain
-----BEGIN RSA PRIVATE KEY-----and the equivalent end tag, but I myself use an ED25519 key, which contains-----BEGIN OPENSSH PRIVATE KEY-----. Looking for just the common suffix should be good enough.
What does your cert file have as first/last lines?
from sequel-ace.
gboudreau
commented on May 16, 2024
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----
from sequel-ace.
Jason-Morcos
commented on May 16, 2024
I've updated my branch with some better validation: https://github.com/jamesstout/Sequel-Ace/tree/more-permissions
Looks good to me!
With SecurityScopedBookmarks, do we have to somehow start accessing the specific bookmark when we begin a connection and end it out when we close the connection? How does that work with quitting and reopening the app?
from sequel-ace.
jamesstout
commented on May 16, 2024
With SecurityScopedBookmarks, do we have to somehow start accessing the specific bookmark when we begin a connection and end it out when we close the connection? How does that work with quitting and reopening the app?
Ah, that's a good point, I've forgotten to relinquish access with stopAccessingSecurityScopedResource. In the export controller, I relinquish access when the export ends. We no longer need access.
For the connection controller, we [currently] copy the key to the sandbox, so could call stopAccessingSecurityScopedResource as soon as the key/cert is validated and copied.
However, there was discussion about no longer copying the keys: #52 (comment), so I'd have to figure out where to relinquish access. Maybe after the connection completes. I haven't looked at the actual connection code to see if it retries, or needs the key to keep alive.
I'll have a look later.
from sequel-ace.
jamesstout
commented on May 16, 2024
I've put stopAccessingSecurityScopedResource in _documentWillClose and dealloc. Please see the branch mentioned above.
from sequel-ace.
Related Issues (20)
- The table editing doesn't support expression default values HOT 1
- display first line of query/script as window title HOT 1
- Recommendations on UI layout HOT 3
- authentication_oci_client.so HOT 1
- For the same mysql server, Sequel-Pro can connect but Sequel-Ace cannot HOT 4
- Waiting to connect on one tab/window should not lock up the entire application.
- View Structure shows incorrect collations HOT 3
- App freezes when trying to reconnect after host key changes HOT 1
- Can't select ssh key in SSH connection HOT 2
- Right-click Copy and insert on duplicate key update
- Not using SSH Agent when choosing SSH key. Asking for passkey every time. HOT 2
- Freezing on Launch HOT 7
- Please make a function to choose a language HOT 2
- Can't connect via SSH HOT 12
- Not escaping singel quotes (')
- possible to set the PATH used by app? HOT 1
- Connect to the localhost using TCP HOT 7
- Invalid configuration written to SSH config file after a successful connection HOT 1
- Program Crashes Frequently - Namespace SIGNAL, Code 6 Abort trap: 6 HOT 1
- Changing column name on UUID type (MariaDB) fails HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sequel-ace.