Re: pgAdmin Saved Password Security

Поиск
Список
Период
Сортировка
От Michel Feinstein
Тема Re: pgAdmin Saved Password Security
Дата
Msg-id CAEg4jbO0UOUcE9iB+1=z8s5UALnpUXG3SfNKDh0zvED6J0Rvcg@mail.gmail.com
обсуждение исходный текст
Ответ на Re: pgAdmin Saved Password Security  (Dave Page <dpage@pgadmin.org>)
Список pgadmin-support
Дерево обсуждения
Hi Dave,

Thank you for your response. 

Where and how is the AES key safely  stored then, in order to decript the encrypted password? Or upon choosing to save a password we have to enter a master password? 

Best wishes, 

Michel. 


On Wed, Apr 17, 2019, 05:05 Dave Page <dpage@pgadmin.org> wrote:
Hi

On Wed, Apr 17, 2019 at 7:20 AM Michel Feinstein <michelfeinstein@gmail.com> wrote:
Hi,

I am new to pgAdmin and PostgreSQL. I am configuring a new server connection and I can see there's an option to save my server's password.

How secure is this option? Does it save my password as plaintext or does it save inside Windows protection or other form of encryption?

It uses AES encryption in CFB8 mode provided by the Python encryption module. The data is then base64 encoded and stored in the SQLite configuration database that holds user settings. 

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

В списке pgadmin-support по дате отправления:

Предыдущее
От: Dave Page
Дата:
Сообщение: Re: pgAdmin Saved Password Security
Следующее
От: Justin Pryzby
Дата:
Сообщение: DB password default