Re: Please give pgAdmin 4 its own GUI. The constant password inputs are driving me insane...

Guys I think we should take a breather on both sides, all I did was ask for
clarification on why it was implemented. While I appreciate it, there's no
need to sympathise with me, I don't have any feelings regarding it. Only
that me as personal user does not need it. The original somewhat
confrontational/ranty email was by someone else. Maybe replying to that was
a bad idea since it may have set up the tone for the rest of the
conversation.

I think corporate security needs to be prioritised over the slight
inconvenience presented to personal users. I think it is okay to be enabled
by default. Perhaps maybe a more convenient menu option to turn it off
would be nice, (but I am not asking for it maybe I'll get around to it when
I have the time.)

Peace ✌

On Thu, Jul 25, 2019 at 6:56 PM richard coleman <rcoleman(dot)ascentgl(at)gmail(dot)com>
wrote:

> Dave,
>
> There is no attack of any kind in that post. I am sympathizing with
> Avin. While I agree that there are use cases where a *master password* feature
> makes sense, I disagree that it is the *majority* of cases, or even
> applicable to the *majority* of users. Therefore I believe that it is
> *implemented* poorly. If history is any guide there will be plenty more
> users stumbling across this list frustrated and just wanting to know how to
> 'get rid of' or simply 'turn it off'.
>
> So where I wrote sympathy and solutions, you choose to see attacks. I
> think that says more about you than about myself.
>
> If the pgAdmin developers want *nothing* but praise and the occasional
> sterile bug report they should probably stop reading, or shut down this
> list. After all, a link to the redmine bug report page
> <https://redmine.postgresql.org> would suffice for the latter.
>
> Whether writing commercial or open source software, paid or volunteer,
> some people are *not* going to agree with your choices or decisions (just
> as Linus). As long as we are criticizing the software and not the people
> writing it, the software and all of us, end up better for it.
>
> I hope you take the time to think about what I've written,
>
> rik.
>
>
>
>
> On Thu, Jul 25, 2019 at 8:49 AM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>> Richard,
>>
>> On Thu, Jul 25, 2019 at 1:08 PM richard coleman <
>> rcoleman(dot)ascentgl(at)gmail(dot)com> wrote:
>>
>>> Avin,
>>>
>>> I agree, the master password *nonsense* was poorly implemented. I too
>>> wish the developers would rethink it. Until then there is a way to disable
>>> it by setting an option in a config file. I can provide more details if
>>> you would like (or you could look for other more expansive posts by myself
>>> on this topic in the list archives).
>>>
>>
>> You've made your feelings known many times now, and we're all well aware
>> of them - just as you are aware that there are legitimate security concerns
>> that caused it to be implemented (that were raised by end users), ones that
>> arguably warrant a medium level CVSS vulnerability score
>> (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N), and other concerns such as
>> allowing a network administrator to enforce security policy that led to the
>> design.
>>
>> Please refrain from any further remarks that disparage the work of people
>> who - in many cases, voluntarily - spend hundreds or thousands of hours of
>> their time developing software that you get to use freely. Constructive
>> feedback and better yet ideas or code are welcome always, but repeated
>> negativity that is borderline ad hominem is not.
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>>