![]() If the file already exists, edit it, and add the line. In the same directory, create a file called config_local.py, and add a line that reads: This is normally in a top-level directory called web. Can I disable the Master Password? Yes, though we strongly advise against doing so! To do so, find the config.py file that is part of your pgAdmin installation. I know my system is secure and can't possibly get infected with malware. ![]() The Master Password mitigates this problem by ensuring that the key data is never stored on disk. Such malware could be part of another piece of software or something installed utilising a browser vulnerability for example. ![]() Malware that may have been inadvertently installed may be able to transmit the saved password database and key data to an attacker. Unfortunately this ability isn't limited to administrative users of the machine(s) containing the saved passwords and key data as you might immediately think. By examining the source code another user with the ability to access the encrypted passwords and the data used to generate the keys would be able to decrypt the saved passwords. Without the Master Password (or something similar that is supplied by the user), the encryption keys must be generated from data that is stored on-disk in a location known to pgAdmin. The Master Password is used to securely encrypt any credentials that you choose to save when using pgAdmin. What is the Master Password, and how do I use it or remove it? We have done extensive evaluation and testing of various ways of managing files in pgAdmin 4, and have consistently found that using our own dialogues provides the best experience (one that we continue to refine and improve with user feedback). There are no "native dialogues" for working with files stored on a web server in this way, so we have to implement our own.
0 Comments
Leave a Reply. |