Well, security is always a balance between how far your opponent is able to
go and how much you want to invest on your protection.
I agree that secret strings should live in memory for as brief as possible,
so maybe there could be an option for people that want to be prompted for
the Master Passwo
Michel,
On Thu, Jun 6, 2019 at 9:15 AM Michel Feinstein
wrote:
> *(if the malicious actor can steal the file they can also read the key
> from memory)*
>
> As far as I know it's a lot easier for a program to get access to all the
> files in a system (specially on Windows) than to dump the memory
*(if the malicious actor can steal the file they can also read the key from
memory)*
As far as I know it's a lot easier for a program to get access to all the
files in a system (specially on Windows) than to dump the memory, as there
are memory barriers protected by the OS (and address randomizati
Dave,
Thank you for getting back to me.
On Thu, Jun 6, 2019 at 5:01 AM Dave Page wrote:
>
>
> On Wed, Jun 5, 2019 at 7:29 PM richard coleman <
> rcoleman.ascen...@gmail.com> wrote:
>
>>
>> All passwords are stored in files of one sort or another. Hopefully
>>> those files are effectively encry
On Wed, Jun 5, 2019 at 7:29 PM richard coleman
wrote:
>
> All passwords are stored in files of one sort or another. Hopefully those
>> files are effectively encrypted (assuming of course that you had even had
>> pgAdmin4 save your passwords to begin with).
>>
>
Sure, in pgAdmin 4 they are (unlik
Dave,
On Wed, Jun 5, 2019 at 12:13 PM Dave Page wrote:
> Richard,
>
> On Wed, Jun 5, 2019 at 4:55 PM richard coleman <
> rcoleman.ascen...@gmail.com> wrote:
>
>> Dave,
>>
>> Actually I thought I was being quite restrained in my assessment. With
>> version 4.8 the developers completely upended t
Michel,
I appreciate your taking the time to weigh in on this. As I mentioned
previously, I can understand why this feature was added, other applications
have a "*master password to protect other saved passwords*"
feature. Chrome *used to* before they went to protecting it with your
Google acco
Hi Richard,
I am jumping-in specially because I am the guy to blame for this new
feature. I identified the security risks and reported it, so I understand
your frustration and feel bad that your work flow is not as comfortable as
it was before. I hate when this happens to me.
I also think that us
Michel,
Thanks for jumping into the conversation.
On Wed, Jun 5, 2019 at 12:18 PM Michel Feinstein
wrote:
> Let me just add some points to the discussion:
>
> 1 - Your use case is different than most people, you have a VPN in the
> middle of your workflow. Besides, you are imaging someone break
Let me just add some points to the discussion:
1 - Your use case is different than most people, you have a VPN in the
middle of your workflow. Besides, you are imaging someone breaking into
your computer, but the attack vector is much simpler than that.
Someone can craft a malware that will autom
Richard,
On Wed, Jun 5, 2019 at 4:55 PM richard coleman
wrote:
> Dave,
>
> Actually I thought I was being quite restrained in my assessment. With
> version 4.8 the developers completely upended the end user experience.
> From pgAdmin3 through all versions of pgAdmin4 *prior to the current one*,
Dave,
Actually I thought I was being quite restrained in my assessment. With
version 4.8 the developers completely upended the end user experience.
>From pgAdmin3 through all versions of pgAdmin4 *prior to the current one*,
the end user could start pgAdmin and then get to work creating connection
Richard,
On Wed, Jun 5, 2019 at 3:22 PM richard coleman
wrote:
> Dave,
>
> And where would *that* be? pgAdmin4 the executable and the shared
> library is located in /usr/bin/. There are *no* entries in /etc/ for
> pgAdmin4. There is a pgadmin4.db in /home/u/.pgadmin/ but *no* config
> files
On Wed, Jun 5, 2019 at 2:44 PM richard coleman
wrote:
> Dave,
>
> Sorry, but after an e*xhaustive* search of the several terabytes on my
> machine, there is *no* config_local.py file. Do you have any idea where
> it's supposed to be located?
>
You need to create it if it doesn't exist, in the s
File location (assuming you have python 3.5) is
"lib/python3.5/site-packages/pgadmin4/config_local.py" relative to the
pgadmin install directory. You may have to create it as the file is
optional. You use it when you need to override default configuration. I
like to keep pgadmin 4 configuration sep
Dave,
Sorry, but after an e*xhaustive* search of the several terabytes on my
machine, there is *no* config_local.py file. Do you have any idea where
it's supposed to be located?
Thanks,
rik.
On Wed, Jun 5, 2019 at 9:30 AM Dave Page wrote:
>
>
> On Wed, Jun 5, 2019 at 1:16 PM richard coleman
lier email on the topic.
>
>
> pgAdmin III seems a lot better for functionality and usability.
>
>
>
>
>
> *From:* richard coleman
> *Sent:* Wednesday, June 05, 2019 8:17 AM
> *To:* Cherio
> *Cc:* pgAdmin Support
> *Subject:* [EXTERNAL] - Re: pgAdmin4 4.8 Kubunt
On Wed, Jun 5, 2019 at 1:16 PM richard coleman
wrote:
> Cherio,
>
> I am sorry to inform you, but there is *no* mention of "config_local.py"
> on that page, nor any indication of where I would find it.
>
https://www.pgadmin.org/docs/pgadmin4/4.x/desktop_deployment.html#configuration
>
> rik.
>
] - Re: pgAdmin4 4.8 Kubuntu issues
Cherio,
I am sorry to inform you, but there is no mention of "config_local.py" on that
page, nor any indication of where I would find it.
rik.
On Tue, Jun 4, 2019 at 5:06 PM Cherio
mailto:che...@gmail.com>> wrote:
Put "MASTER_PASSWORD_R
Cherio,
I am sorry to inform you, but there is *no* mention of "config_local.py" on
that page, nor any indication of where I would find it.
rik.
On Tue, Jun 4, 2019 at 5:06 PM Cherio wrote:
> Put "MASTER_PASSWORD_REQUIRED = False" line into your
> "lib/python?.?/site-packages/pgadmin4/config_l
Christoph,
pgAdmin4 updated itself this morning, and now the "?" on the Set Master
Password dialog returns an actual page, not a 404. Unfortunately it isn't
all that clear. It suggests;
"You can disable the master password by setting the configuration parameter
MASTER_PASSWORD_REQUIRED=False"
Re: Dave Page 2019-06-05
> > Second: When I click the "?" button on that dialog box it takes me to this
> > page:
> > "http://127.0.0.1:33681/help/help/master_password.html";
> > Which returns "404 Not Found"
> >
>
> That sounds like an issue with the packaging - that file is certainly there
> i
On Tue, Jun 4, 2019 at 9:41 PM richard coleman
wrote:
> Second: When I click the "?" button on that dialog box it takes me to this
> page:
> "http://127.0.0.1:33681/help/help/master_password.html";
> Which returns "404 Not Found"
>
That sounds like an issue with the packaging - that file is cert
Hi
On Tue, Jun 4, 2019 at 10:54 PM Michel Feinstein
wrote:
> It would be easier if the system when prompting for the Master Password,
> had a "I don't want to define a Master Password" or something like that,
> which would set that config_local.py property automatically.
>
We very intentionally
It would be easier if the system when prompting for the Master Password,
had a "I don't want to define a Master Password" or something like that,
which would set that config_local.py property automatically.
On Tue, Jun 4, 2019, 18:06 Cherio wrote:
> Put "MASTER_PASSWORD_REQUIRED = False" line in
Put "MASTER_PASSWORD_REQUIRED = False" line into your
"lib/python?.?/site-packages/pgadmin4/config_local.py". This is in the
docs: https://www.pgadmin.org/docs/pgadmin4/dev/master_password.html
On Tue, Jun 4, 2019 at 4:41 PM richard coleman
wrote:
> To whomever,
>
> Running a newly update pgAdmi
To whomever,
Running a newly update pgAdmin 4 version 4.8 on my Kubuntu box. There are
a couple of glaring issues.
First: It keeps prompting to; "Set Master Password"
I don't want to set another password that I'll just end up forgetting.
Second: When I click the "?" button on that dialog bo
27 matches
Mail list logo
