MCPcopy Index your code
hub / github.com/pgadmin-org/pgadmin4 / _open_session_file

Function _open_session_file

web/pgadmin/utils/session.py:115–132  ·  view source on GitHub ↗

Open a session file for writing with mode 0o600 (owner-only). Session files contain OAuth access/refresh tokens, AWS/Google/Azure cloud credentials, the Kerberos cache path, MFA OTP material, and `pass_enc_key` (the symmetric KEK used to decrypt the user's saved Postgres server pass

(path)

Source from the content-addressed store, hash-verified

113
114
115def _open_session_file(path):
116 """Open a session file for writing with mode 0o600 (owner-only).
117
118 Session files contain OAuth access/refresh tokens, AWS/Google/Azure
119 cloud credentials, the Kerberos cache path, MFA OTP material,
120 and `pass_enc_key` (the symmetric KEK used to decrypt the user's saved
121 Postgres server passwords). The default `open(path, 'wb')` uses the
122 process umask, which on most systems leaves files world-readable
123 (0o644). Force 0o600 so that even if the directory permissions are
124 misconfigured (e.g., a volume mount in a container with shared uids),
125 individual session files remain owner-only.
126 """
127 fd = os.open(
128 path,
129 os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
130 0o600,
131 )
132 return os.fdopen(fd, 'wb')
133
134
135sess_lock = Lock()

Callers 2

new_sessionMethod · 0.85
putMethod · 0.85

Calls 1

openMethod · 0.45

Tested by

no test coverage detected