Re: pgAdmin Saved Password Security - Mailing list pgadmin-support

From Michel Feinstein
Subject Re: pgAdmin Saved Password Security
Date
Msg-id CAEg4jbO0UOUcE9iB+1=z8s5UALnpUXG3SfNKDh0zvED6J0Rvcg@mail.gmail.com
In response to Re: pgAdmin Saved Password Security  (Dave Page <dpage@pgadmin.org>)
List pgadmin-support
Hi Dave,

Thank you for your response. 

Where and how is the AES key safely stored then, in order to decrypt the encrypted password? Or upon choosing to save a password we have to enter a master password?

Best wishes, 

Michel. 


On Wed, Apr 17, 2019, 05:05 Dave Page <dpage@pgadmin.org> wrote:
Hi

On Wed, Apr 17, 2019 at 7:20 AM Michel Feinstein <michelfeinstein@gmail.com> wrote:
Hi,

I am new to pgAdmin and PostgreSQL. I am configuring a new server connection and I can see there's an option to save my server's password.

How secure is this option? Does it save my password as plaintext or does it save inside Windows protection or other form of encryption?

It uses AES encryption in CFB8 mode provided by the Python encryption module. The data is then base64 encoded and stored in the SQLite configuration database that holds user settings. 

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
