On the one hand, angry emails like the one that started this thread reveal
how many users don't realize they should be thankful and appreciative
they are given a free product to use. I personally was repelled by the
tone, but that's beside the point.

On the other hand, this specific question was raised several times here
before.

In my mind it may not be a big lift to create a small [re]configuration
shell/python script that would take care of the most common settings like
this one. A simple command line "wizard" that simply asks to [re]define the
initial or existing configuration. This way the developers don't need to
worry about compromised security. I foresee variables like those below
(just a suggestion) to be the subject of such a configuration script.

DATA_DIR
LOG_FILE
SQLITE_PATH
SESSION_DB_PATH
STORAGE_DIR
PGADMIN_INT_PORT
DEFAULT_SERVER_PORT
SERVER_MODE
MASTER_PASSWORD_REQUIRED


On Sun, Feb 28, 2021 at 6:08 PM richard coleman <rcoleman.ascen...@gmail.com>
wrote:

> [ HOW TO DISABLE MASTER PASSWORD feature in pgAdmin4 ]
>
> Vladimir,
>
> I sympathize with you.  I have had some extensive discussions with the
> head developer, unfortunately it doesn't seem to be something that he is
> willing to address.  It's built to address a *remote* threat vector, one
> that the vast majority of users would not be susceptible to, nor would they
> agree that the minimal additional security provided warrants the lost time
> and inconvenience that having it entails.  Since he believes so strongly in
> this, it is set to a default of being on and not only is the setting *not*
> exposed in the configuration UI, but it makes use of a non-existent file in
> a location that typically only administrators have access to.  Since many
> (most) users who will be using this in desktop mode already have these
> permissions, all it does is force them to either use a stupidly simple
> master password (a single space is sufficient), or research the
> byzantine instructions to create a config_local.py file with the magic
> line: "MASTER_PASSWORD_REQUIRED=False".  It doesn't help that the official
> documentation located here
> https://www.pgadmin.org/docs/pgadmin4/5.0/config_py.html, gives a
> location for config_system.py.  It usually doesn't exist and more
> importantly is **not** the location where the config.py, config_distro.py,
> or the all-important config_local.py (that you need to create to disable
> the MASTER PASSWORD feature) resides.  Of course, upgrading from pgAdmin4
> 4.x to pgAdmin4 5.0 re-enables the MASTER PASSWORD feature (⋋▂⋌).
>
> So, until the devs either add the option to control the MASTER PASSWORD
> feature into the config UI where it belongs, or change things, here are the
> steps to disable it.
>
>    1. Make sure pgAdmin4 is not running (if you are using pre-version 5,
>    make sure it isn't running in the tray)
>    2. Locate the pgadmin4 *config.py* file (it will be in a *web*
>    sub-directory parallel to the directory containing the executable)
>    3. Create a file named *config_local.py* in the same directory as the
>    config.py file (you will probably need admin or equivalent permissions)
>    4. Enter the line: MASTER_PASSWORD_REQUIRED=False into that file and
>    save
>    5. Start pgAdmin4 and enjoy your MASTER PASSWORD free life
>
> I hope that helps anyone else still struggling with this.
>
> rik.
>
> On Sun, Feb 28, 2021 at 5:47 AM Vladimir Nicolici <vla...@gmail.com>
> wrote:
>
>> Apparently, some parts of the message were lost when posting it through
>> postgresql-archive.org, so I attached a PDF version of my previous
>> message which includes the missing sections. Sorry about that.
>>
>>
>
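
An added example, not part of the original messages and not pgAdmin project code: a non-interactive core for the [re]configuration script suggested at the top of this thread, writing the config_local.py described in the quoted steps. The setting names are the ones listed above; the function names, value types and port range check are assumptions.

```python
import ast
import os
import tempfile

# Setting names come from the list in the message; the types are assumptions.
ALLOWED = {
    "DATA_DIR": str, "LOG_FILE": str, "SQLITE_PATH": str,
    "SESSION_DB_PATH": str, "STORAGE_DIR": str,
    "PGADMIN_INT_PORT": int, "DEFAULT_SERVER_PORT": int,
    "SERVER_MODE": bool, "MASTER_PASSWORD_REQUIRED": bool,
}

def read_overrides(path):
    """Return the NAME = literal assignments already in config_local.py."""
    if not os.path.exists(path):
        return {}
    with open(path, encoding="utf-8") as fh:
        tree = ast.parse(fh.read())
    found = {}
    for node in tree.body:
        simple = (isinstance(node, ast.Assign) and len(node.targets) == 1
                  and isinstance(node.targets[0], ast.Name))
        if not simple:
            # Imports or logic would be lost on rewrite, so refuse instead.
            raise ValueError(f"line {node.lineno}: edit this file by hand")
        found[node.targets[0].id] = ast.literal_eval(node.value)
    return found

def apply_overrides(config_dir, changes):
    """Merge validated changes into config_local.py and return warnings."""
    for name, value in changes.items():
        if name not in ALLOWED:
            raise KeyError(f"{name} is not managed by this script")
        if type(value) is not ALLOWED[name]:
            raise TypeError(f"{name} expects {ALLOWED[name].__name__}")
        if ALLOWED[name] is int and not 1 <= value <= 65535:
            raise ValueError(f"{name} must be a port in 1..65535")
    path = os.path.join(config_dir, "config_local.py")
    merged = {**read_overrides(path), **changes}
    warnings = []
    if merged.get("MASTER_PASSWORD_REQUIRED") is False:
        warnings.append("MASTER_PASSWORD_REQUIRED=False: master password is off")
    # Write a temp file beside the target, then rename it into place.
    fd, tmp = tempfile.mkstemp(dir=config_dir, suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        for name in sorted(merged):
            fh.write(f"{name} = {merged[name]!r}\n")
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; pgAdmin's user must read it
    os.replace(tmp, path)
    return warnings
```

Comments in an existing config_local.py are not preserved when the file is rewritten.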
