Thread: pgAdmin Saved Password Security

From: Michel Feinstein

Hi,

I am new to pgAdmin and PostgreSQL. I am configuring a new server connection and I can see there's an option to save my server's password.

How secure is this option? Does it save my password as plaintext or does it save inside Windows protection or other form of encryption?

Best wishes,

Michel.

Re: pgAdmin Saved Password Security

From: Dave Page

Hi

On Wed, Apr 17, 2019 at 7:20 AM Michel Feinstein <michelfeinstein@gmail.com> wrote:
> Hi,
>
> I am new to pgAdmin and PostgreSQL. I am configuring a new server connection and I can see there's an option to save my server's password.
>
> How secure is this option? Does it save my password as plaintext or does it save inside Windows protection or other form of encryption?

It uses AES encryption in CFB8 mode provided by the Python encryption module. The data is then base64 encoded and stored in the SQLite configuration database that holds user settings. 

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
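
The storage scheme described in the reply above (AES in CFB8 mode, base64, a SQLite text column), as an added example that is not pgAdmin's code and not part of the original thread. It shows that CFB8 provides confidentiality only: a wrong key or a modified ciphertext decrypts without any error. Assumptions: the `cryptography` package, a random key (the thread does not say how pgAdmin obtains its key), the IV stored in front of the ciphertext, and a constructed table layout and password.

```python
import base64
import os
import sqlite3

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

IV_LEN = 16  # AES block size; assumption: IV is stored before the ciphertext


def encrypt_password(plaintext: str, key: bytes) -> str:
    """AES-CFB8 encrypt, then base64-encode IV || ciphertext."""
    iv = os.urandom(IV_LEN)
    enc = Cipher(algorithms.AES(key), modes.CFB8(iv)).encryptor()
    ct = enc.update(plaintext.encode("utf-8")) + enc.finalize()
    return base64.b64encode(iv + ct).decode("ascii")


def decrypt_password(stored: str, key: bytes) -> bytes:
    """Reverse of encrypt_password. Returns bytes: a wrong key yields
    garbage that is usually not valid UTF-8, and nothing signals it."""
    raw = base64.b64decode(stored)
    iv, ct = raw[:IV_LEN], raw[IV_LEN:]
    dec = Cipher(algorithms.AES(key), modes.CFB8(iv)).decryptor()
    return dec.update(ct) + dec.finalize()


def demo():
    key = os.urandom(32)  # constructed key, not pgAdmin's key handling
    db = sqlite3.connect(":memory:")
    # Hypothetical table and column names, chosen for this example.
    db.execute("CREATE TABLE server (name TEXT, password TEXT)")
    db.execute("INSERT INTO server VALUES (?, ?)",
               ("demo", encrypt_password("s3cret-pg-pass", key)))
    (stored,) = db.execute(
        "SELECT password FROM server WHERE name = 'demo'").fetchone()

    ok = decrypt_password(stored, key)               # correct key
    wrong = decrypt_password(stored, os.urandom(32)) # wrong key, no error

    # Flip one bit in the first ciphertext byte: decryption still succeeds,
    # the same bit flips in the plaintext and the following bytes garble.
    raw = bytearray(base64.b64decode(stored))
    raw[IV_LEN] ^= 0x01
    tampered = decrypt_password(base64.b64encode(bytes(raw)).decode(), key)
    return ok, wrong, tampered


if __name__ == "__main__":
    for label, value in zip(("ok", "wrong key", "tampered"), demo()):
        print(f"{label:10} {value!r}")
```

Because nothing in this scheme detects a wrong key or a modified value, the protection of the saved password rests on how the key and the SQLite file are protected.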

Re: pgAdmin Saved Password Security

From: Michel Feinstein

Hi Dave,

Thank you for your response. 

Where and how is the AES key safely stored then, in order to decrypt the encrypted password? Or upon choosing to save a password we have to enter a master password?

Best wishes, 

Michel. 


On Wed, Apr 17, 2019, 05:05 Dave Page <dpage@pgadmin.org> wrote:
> Hi
>
> On Wed, Apr 17, 2019 at 7:20 AM Michel Feinstein <michelfeinstein@gmail.com> wrote:
>> Hi,
>>
>> I am new to pgAdmin and PostgreSQL. I am configuring a new server connection and I can see there's an option to save my server's password.
>>
>> How secure is this option? Does it save my password as plaintext or does it save inside Windows protection or other form of encryption?
>
> It uses AES encryption in CFB8 mode provided by the Python encryption module. The data is then base64 encoded and stored in the SQLite configuration database that holds user settings.
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company