Bug report #19201
Authentification in QGIS doesn't ask master password - security breach
| Status: | Rejected | ||
|---|---|---|---|
| Priority: | Normal | ||
| Assignee: |  Alessandro Pasotti | ||
| Category: | Authentication system | ||
| Affected QGIS version: | 3.1(master) | Regression?: | No |
| Operating System: | Windows 10 x64 | Easy fix?: | No |
| Pull Request or Patch supplied: | No | Resolution: | invalid |
| Crashes QGIS or corrupts data: | No | Copied to github as #: | 27030 |
Description
I have a QGIS project, which consists of many layers from a PostgreSQL database. Logins and passwords for the access are stored in the QGIS authentification database (qgis-auth.db). Once I run the project in QGIS 2.18 it firstly asks for my master password, and then loads all the layers from the database if I enter the correct master password.
However, when using the same approach in QGIS 3.1 (and 3.0.3), if I run the project, QGIS starts and doesn not ask for the master password. Instead of this it loads all layers from the database avoiding authentification!
History
#1
Updated by Alessandro Pasotti almost 6 years ago
- Status changed from Open to Feedback
There is a new feature in QGIS 3 that allows (do not force to, just allows) the user to store the master password in the operating system password manager/wallet (whatever is called on your platform).
#2
Updated by Alessandro Pasotti over 5 years ago
- Resolution set to invalid
- Regression? changed from Yes to No
- Assignee changed from Larry Shaffer to Alessandro Pasotti
- Status changed from Feedback to Rejected