| From: | Michel Feinstein <michelfeinstein(at)gmail(dot)com> |
|---|---|
| To: | Dave Page <dpage(at)pgadmin(dot)org> |
| Cc: | "pgadmin-support lists(dot)postgresql(dot)org" <pgadmin-support(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: pgAdmin Saved Password Security |
| Date: | 2019-04-17 13:24:13 |
| Message-ID: | CAEg4jbO0UOUcE9iB+1=z8s5UALnpUXG3SfNKDh0zvED6J0Rvcg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-support |
Hi Dave,
Thank you for your response.
Where and how is the AES key safely stored then, in order to decript the
encrypted password? Or upon choosing to save a password we have to enter a
master password?
Best wishes,
Michel.
On Wed, Apr 17, 2019, 05:05 Dave Page <dpage(at)pgadmin(dot)org> wrote:
> Hi
>
> On Wed, Apr 17, 2019 at 7:20 AM Michel Feinstein <
> michelfeinstein(at)gmail(dot)com> wrote:
>
>> Hi,
>>
>> I am new to pgAdmin and PostgreSQL. I am configuring a new server
>> connection and I can see there's an option to save my server's password.
>>
>> How secure is this option? Does it save my password as plaintext or does
>> it save inside Windows protection or other form of encryption?
>>
>
> It uses AES encryption in CFB8 mode provided by the Python encryption
> module. The data is then base64 encoded and stored in the SQLite
> configuration database that holds user settings.
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-04-17 14:02:10 | Re: Performance killed with FDW when using CAST. |
| Previous Message | Dave Page | 2019-04-17 08:05:43 | Re: pgAdmin Saved Password Security |