Revert "Disable the master password requirement when using alternative authentication sources. Fixes #7012"

This reverts commit 0c823455a0.
Akshay Joshi
2022-04-22 15:58:06 +05:30
parent ab8e9a8ea5
commit faff8d1fb3
7 changed files with 9 additions and 77 deletions


@@ -1,33 +0,0 @@
.. _alternate_encryption_key:
**********************************
`Alternate Encryption Key`:index:
**********************************
pgAdmin would use the alternate encryption key to secure and later unlock the saved server
passwords if the master password is disabled AND there is NO suitable key/password available
from the authentication module for the user in server mode.
When pgAdmin stores a connection password,
it encrypts it using a key that is formed either from the master password, or
from the pgAdmin login password for the user. In the case of authentication methods
such as OAuth, Kerberos or Webserver, pgAdmin doesn't have access to anything long-lived to
form the encryption key from, hence it uses the master password and if master password
is disabled pgAdmin would use the alternate encryption key, if it is set.
.. note:: You can set the alternate encryption key by setting the configuration
parameter *ALTERNATE_ENCRYPTION_KEY=<Key>*.
See :ref:`config_py` for more information on configuration parameters and how
they can be changed or enforced across an organisation.
.. note:: If the master password and the alternate encryption key is disabled,
then all the saved passwords will be removed.
.. warning:: By setting this option, you should be fully aware of the potential security
risk of using the same encryption key for multiple users, that may be accessible to
sysadmins who would not normally be able to use pgAdmin.
It is **not recommended** that you use the alternate encryption key instead of master password
if you use the *Save Password* option.
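Review bot: deleting this page removes the only documentation of the *ALTERNATE_ENCRYPTION_KEY* parameter and of the ``alternate_encryption_key`` reference target, so the revert must also drop the parameter from the configuration module and every ``:ref:`alternate_encryption_key``` left in other pages, or the Sphinx build will emit unresolved-reference warnings and the config page will describe a setting that no longer does anything. Worth recording in the commit message that the removed page's own warning (one shared key for multiple users, "accessible to sysadmins who would not normally be able to use pgAdmin") is the security rationale for backing the feature out, rather than leaving the revert unexplained.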


@@ -38,13 +38,6 @@ It is set by the user and can be disabled using config.
master_password
The Alternate Encryption Key is used to secure and later unlock saved server passwords.
It is **not recommended** to use the alternate encryption key.
.. toctree::
alternate_encryption_key
After defining a server connection, right-click on the server name, and select
*Connect to server* to authenticate with the server, and start using pgAdmin to
manage objects that reside on the server.
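Review bot: the ``.. toctree::`` directive here loses its ``alternate_encryption_key`` entry while ``master_password`` stays, which is consistent with the deleted page, but the two removed sentences ("The Alternate Encryption Key is used to secure ... It is **not recommended** ...") were the only place this overview told server-mode users what happens to saved passwords without a master password; confirm the remaining ``master_password`` page covers that case so the overview does not silently lose the guidance.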


@@ -5,9 +5,7 @@
************************
A master password is required to secure and later unlock the saved server
passwords. This is applicable for desktop mode users and for the auth methods
such as OAuth, Kerberos or Webserver where pgAdmin doesn't have access to anything
long-lived to form the encryption key.
passwords. This is applicable only for desktop mode users.
* You are prompted to enter the master password when you open the window for
the first time after starting the application.
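Review bot: restoring "This is applicable only for desktop mode users." narrows the stated scope back to desktop mode, while the removed lines explicitly named OAuth, Kerberos and Webserver users as also being prompted because pgAdmin has "nothing long-lived to form the encryption key" from; check that the code side of this revert really reinstates the pre-#7012 prompt behaviour for those server-mode authentication methods, otherwise the documentation and the actual master-password flow will disagree about who is asked for the password.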
@@ -25,15 +23,15 @@ long-lived to form the encryption key.
See :ref:`config_py` for more information on configuration parameters and how
they can be changed or enforced across an organisation.
.. note:: If the master password and :ref:`alternate_encryption_key` is disabled,
then all the saved passwords will be removed.
.. note:: If the master password is disabled, then all the saved passwords will
be removed.
.. warning:: If the master password is disabled, then the saved passwords will
be encrypted using the :ref:`alternate_encryption_key` or a key which is derived
from information within the configuration database. Use of a master password
ensures that the encryption key does not need to be stored anywhere, and thus
prevents possible access to server credentials if the configuration database
becomes available to an attacker.
be encrypted using a key which is derived from information within the
configuration database. Use of a master password ensures that the encryption
key does not need to be stored anywhere, and thus prevents possible access
to server credentials if the configuration database becomes available to an
attacker.
It is **strongly** recommended that you use the master password if you use
the *Save Password* option.
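Review bot: the restored ``.. note::`` says that disabling the master password removes all saved passwords, while the restored ``.. warning::`` says the saved passwords "will be encrypted using a key which is derived from information within the configuration database"; both cannot apply to the same user at once, so state which mode each sentence describes (desktop versus server mode) rather than leaving the reader to infer it. The warning's security argument is the right one to keep after dropping the alternate key: a master password means no encryption key is stored beside the configuration database, so a stolen database does not yield server credentials.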


@@ -12,7 +12,6 @@ New features
| `Issue #3253 <https://redmine.postgresql.org/issues/3253>`_ - Added status bar to the Query Tool.
| `Issue #3989 <https://redmine.postgresql.org/issues/3989>`_ - Ensure that row numbers should be visible in view when scrolling horizontally.
| `Issue #6830 <https://redmine.postgresql.org/issues/6830>`_ - Relocate GIS Viewer Button to the Left Side of the Results Table.
| `Issue #7012 <https://redmine.postgresql.org/issues/7012>`_ - Disable the master password requirement when using alternative authentication sources.
| `Issue #7282 <https://redmine.postgresql.org/issues/7282>`_ - Added options 'Ignore owner' and 'Ignore whitespace' to the schema diff panel.
| `Issue #7325 <https://redmine.postgresql.org/issues/7325>`_ - Added support for Azure AD OAUTH2 authentication.
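Review bot: removing the "Issue #7012 ... Disable the master password requirement when using alternative authentication sources." line is the right fix only if the feature never shipped in the release these notes describe; if it did, the entry should become a note that the feature was reverted (with the reason from the removed page's warning), since silently dropping a line from published release notes leaves users who read the earlier notes expecting behaviour that no longer exists.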