1. Added Master Password to increase the security of saved passwords. Fixes #4184

2. In server(web) mode, update all the saved server credentials when user password is changed. Fixes #3377
2025-02-25 18:55:31 -06:00 · 2019-05-28 12:00:18 +05:30
parent 6f0eafb223
commit dfa892d2a2
44 changed files with 1509 additions and 416 deletions
--- a/docs/en_US/connecting.rst
+++ b/docs/en_US/connecting.rst
@@ -24,6 +24,13 @@ dialog, right-click on the *Servers* node of the tree control, and select

   server_dialog

+A master password is required to secure and later unlock saved server passwords.
+It is set by the user and can be disabled using config.
+
+.. toctree::
+
+    master_password
+
 After defining a server connection, right-click on the server name, and select
 *Connect to server* to authenticate with the server, and start using pgAdmin to
 manage objects that reside on the server.
--- a/docs/en_US/images/master_password_enter.png
+++ b/docs/en_US/images/master_password_enter.png
--- a/docs/en_US/images/master_password_reset.png
+++ b/docs/en_US/images/master_password_reset.png
--- a/docs/en_US/images/master_password_set.png
+++ b/docs/en_US/images/master_password_set.png
--- a/docs/en_US/login.rst
+++ b/docs/en_US/login.rst
@@ -16,6 +16,7 @@ Use the fields in the *Login* dialog to authenticate your connection:
  field.
 * Provide your password in the *Password* field.
 * Click the *Login* button to securely log into pgAdmin.
+* Please note that, if the pgAdmin server is restarted then you will be logged out. You need to re-login to continue.

 Recovering a Lost Password
 **************************
--- a/docs/en_US/master_password.rst
+++ b/docs/en_US/master_password.rst
@@ -0,0 +1,38 @@
+.. _master_password:
+
+************************
+`Master Password`:index:
+************************
+
+A master password is required to secure and later unlock the saved server passwords. This is applicable only for desktop mode users.
+
+* You are prompted to enter the master password when you open the window for the first time after starting the application.
+* Once you set the master password, all the existing saved passwords will be re-encrypted using the master password.
+* The server passwords which are saved in the SQLite DB file are encrypted and decrypted using the master password.
+
+.. image:: images/master_password_set.png
+    :alt: Set master password
+    :align: center
+
+* You can disable the master password by setting the configuration parameter *MASTER_PASSWORD_REQUIRED=False*
+* Note that, if master password is disabled, then all the saved passwords will be removed.
+
+.. warning:: If master password is disabled, then the saved passwords will be encrypted using a key
+    which may not be as secure as master password. It is strongly recommended to use master password if you use "Save password" option.
+
+* The master password is not stored anywhere on the physical storage. It is temporarily stored in the application memory and it does not get saved in case the application gets restarted.
+* You are prompted to enter the master password when pgAdmin server is restarted.
+
+.. image:: images/master_password_enter.png
+    :alt: Enter master password
+    :align: center
+
+
+* If you forget the master password, you can use the "Reset Master Password" button to reset the password.
+
+.. image:: images/master_password_reset.png
+    :alt: Reset master password
+    :align: center
+
+.. warning:: Resetting the master password will also remove all the saved passwords and close all the existing established
+  connections.
--- a/docs/en_US/release_notes_4_7.rst
+++ b/docs/en_US/release_notes_4_7.rst
@@ -10,9 +10,11 @@ This release contains a number of bug fixes since the release of pgAdmin4 4.6.
 Bug fixes
 *********

+| `Bug #3377 <https://redmine.postgresql.org/issues/3377>`_ - In server(web) mode, update all the saved server credentials when user password is changed.
 | `Bug #3885 <https://redmine.postgresql.org/issues/3885>`_ - Fix the responsive layout of the main menu bar.
 | `Bug #4162 <https://redmine.postgresql.org/issues/4162>`_ - Fix syntax error when adding more than one column to the existing table.
 | `Bug #4164 <https://redmine.postgresql.org/issues/4164>`_ - Fix file browser path issue which occurs when client is on Windows and server is on Mac/Linux.
+| `Bug #4184 <https://redmine.postgresql.org/issues/4184>`_ - Added Master Password to increase the security of saved passwords.
 | `Bug #4194 <https://redmine.postgresql.org/issues/4194>`_ - Fix accessibility issue for menu navigation.
 | `Bug #4208 <https://redmine.postgresql.org/issues/4208>`_ - Update the UI logo.
 | `Bug #4217 <https://redmine.postgresql.org/issues/4217>`_ - Fixed CSRF security vulnerability issue.