
Security Model

Poge implements a local-first security architecture where all sensitive data is encrypted and stored only in your browser’s localStorage. No data ever leaves your device unless you explicitly export it.

Core Security Principles

  1. Client-Side Encryption: All database credentials, saved queries, and sensitive data are encrypted using AES-256-GCM before being stored
  2. PIN-Protected Access: A 6-digit PIN serves as the master key for encrypting and decrypting your data
  3. Zero Server Trust: Poge runs entirely in your browser - no backend servers, no data transmission, no cloud storage
  4. Session Management: Automatic lockout and session timeouts protect against unauthorized access when you step away
Poge never transmits your database credentials or queries to any external servers. All database connections are made directly from your browser to your PostgreSQL server.

Local-First Architecture

What Gets Encrypted

The following data is encrypted with your PIN before being stored:
  • Database credentials (host, port, username, password)
  • Server connection details
  • Saved query contents
  • Query execution history
  • Application preferences and settings

What Is NOT Encrypted

The following data is stored in plain text:
  • PIN hash (SHA-256) - Used only for verification, cannot be reversed to obtain your PIN
  • Session state (locked/unlocked status)
  • Theme preference (before initial setup)

Storage Location

All data is stored in your browser’s localStorage at these keys:
  • postgres-manager-servers - Encrypted server configurations
  • postgres-manager-saved-queries - Encrypted saved queries
  • postgres-manager-query-history - Encrypted query history
  • postgres-manager-pin-hash - SHA-256 hash of your PIN
  • postgres-manager-session-locked - Session lock status
  • postgres-manager-preferences - Encrypted user preferences
If you clear your browser’s localStorage or use private/incognito mode, all your data will be lost when you close the browser. Always export backups of critical server configurations.

Threat Model

What Poge Protects Against

  • Unauthorized local access: Automatic session locking prevents unauthorized users from accessing your data when you step away from your device
  • Browser storage inspection: All sensitive data is encrypted with AES-256-GCM, making it unreadable without the correct PIN
  • Credential theft from localStorage: Even if an attacker gains access to your browser’s localStorage, they cannot decrypt credentials without your PIN
  • Brute force attacks: PBKDF2 with 100,000 iterations makes brute-forcing PINs computationally expensive
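
The PIN-to-key derivation and authenticated encryption described above can be sketched with the Web Crypto API. This is an added example, not Poge's own code: only AES-256-GCM and the 100,000 PBKDF2 iterations come from this page, while the PBKDF2 hash (SHA-256), salt and IV sizes, record layout and function names are assumptions.

```javascript
// Added example, not Poge's code. From this page: AES-256-GCM, PBKDF2 with
// 100,000 iterations. Assumed: PBKDF2 hash SHA-256, 16-byte salt, 12-byte IV,
// JSON/base64 record layout, all function names.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for Node < 19
const enc = new TextEncoder();
const dec = new TextDecoder();
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Stretch the PIN into a non-extractable 256-bit AES-GCM key.
async function deriveKey(pin, salt) {
  const material = await webcrypto.subtle.importKey(
    "raw", enc.encode(pin), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: 100000 },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Fresh random salt and IV per record: an IV must never repeat under one key.
async function encryptWithPin(pin, plaintext) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(pin, salt);
  const ct = await webcrypto.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(plaintext));
  return JSON.stringify({ salt: b64(salt), iv: b64(iv), ct: b64(ct) });
}

// Returns the plaintext, or null when the GCM tag check fails
// (wrong PIN, or the stored record was modified).
async function decryptWithPin(pin, record) {
  const { salt, iv, ct } = JSON.parse(record);
  const key = await deriveKey(pin, unb64(salt));
  try {
    const pt = await webcrypto.subtle.decrypt({ name: "AES-GCM", iv: unb64(iv) }, key, unb64(ct));
    return dec.decode(pt);
  } catch {
    return null;
  }
}

// Constructed sample: a server entry as it might sit under postgres-manager-servers.
async function demo() {
  const record = await encryptWithPin("482913", '{"host":"db.example.test","port":5432}');
  return { ok: await decryptWithPin("482913", record), wrong: await decryptWithPin("482914", record) };
}
```

Because GCM is authenticated, a wrong PIN and a modified record both surface as the same decryption failure rather than as garbage output.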

What Poge Does NOT Protect Against

  • Keyloggers or malware: If your device is compromised by malware, attackers could capture your PIN as you type it
  • Shoulder surfing: Physical observation of your screen or PIN entry
  • Database server security: Poge only protects credentials in transit and at rest locally. Your PostgreSQL server’s security is independent
  • Network interception: Database connections are only as secure as your PostgreSQL server’s SSL/TLS configuration
  • Browser vulnerabilities: Poge relies on the browser’s Web Crypto API implementation
Physical Device Security: Poge assumes your device is physically secure. If someone gains access to your unlocked device while Poge is running, they can access all your database connections.

Security Best Practices

PIN Selection

  1. Choose a strong PIN: While 6 digits provide 1 million combinations, avoid common patterns:
    • ❌ Sequential numbers (123456, 654321)
    • ❌ Repeated digits (111111, 000000)
    • ❌ Personal dates (birthday, anniversary)
    • ✅ Use a random 6-digit PIN generated by a password manager
  2. Never share your PIN: Your PIN is the master key to all your database credentials
  3. Don’t reuse your database passwords as your PIN: Keep them separate
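
The PIN guidance above can be turned into a check plus a generator. This is an added example, not part of Poge: the function names and the date-shape heuristic are assumptions, and the generator stands in for the password manager the list recommends.

```javascript
// Added example, not Poge's code. Function names and the date heuristic are assumptions.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for Node < 19

// Heuristic: flags DDMMYY, MMDDYY and YYMMDD shapes. It cannot know whose
// birthday a PIN is, so it rejects anything that looks like a date.
function isDateLike(pin) {
  const [a, b, c] = [pin.slice(0, 2), pin.slice(2, 4), pin.slice(4, 6)].map(Number);
  const day = (n) => n >= 1 && n <= 31;
  const month = (n) => n >= 1 && n <= 12;
  return (day(a) && month(b)) || (month(a) && day(b)) || (month(b) && day(c));
}

// Returns a reason string for a weak PIN, or null if no listed pattern matches.
function pinWeakness(pin) {
  if (!/^\d{6}$/.test(pin)) return "not 6 digits";
  if (/^(\d)\1{5}$/.test(pin)) return "repeated digit";
  const d = [...pin].map(Number);
  const step = d[1] - d[0];
  if (Math.abs(step) === 1 && d.every((v, i) => i === 0 || v - d[i - 1] === step)) {
    return "sequential";
  }
  if (isDateLike(pin)) return "date-like";
  return null;
}

// Uniform random PIN from the CSPRNG. Rejection sampling avoids the modulo
// bias of `value % 1000000`; Math.random() is not suitable here.
function generatePin() {
  const limit = Math.floor(2 ** 32 / 1000000) * 1000000;
  const buf = new Uint32Array(1);
  for (;;) {
    webcrypto.getRandomValues(buf);
    if (buf[0] >= limit) continue; // outside the largest multiple of 1,000,000
    const pin = String(buf[0] % 1000000).padStart(6, "0");
    if (pinWeakness(pin) === null) return pin;
  }
}
```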

Session Management

  1. Enable auto-lock timeout: Set an appropriate auto-lock interval (5-30 minutes recommended)
    • Configurable in Settings → Security → Auto-lock Timeout
    • Default: 5 minutes of inactivity
  2. Lock manually when stepping away: Use the “Lock App” button (or Ctrl+L) whenever you leave your device
  3. Enable lock on refresh: Prevent unauthorized access after page reloads
    • Settings → Security → Lock on Page Refresh

Backup and Recovery

  1. Export encrypted backups regularly: Use Settings → Data Management → Export All Data
    • Choose a strong password (not your PIN) for backup encryption
    • Store backups securely outside your browser
  2. Test backup restoration: Periodically verify that you can restore from your backups
  3. Secure your backup password: If you lose both your PIN and backup password, your data is permanently unrecoverable
No Password Recovery: Poge cannot recover your PIN or decrypt your data if you forget your PIN. The encryption is designed to be unbreakable without the correct PIN. Always maintain secure backups.

Database Connection Security

  1. Always use SSL/TLS: Configure your PostgreSQL server to require encrypted connections
  2. Use least-privilege database users: Create database users with only the permissions needed for your queries
  3. Avoid admin credentials: Don’t store superuser or admin credentials in Poge unless absolutely necessary
  4. Connection strings: If using connection strings, ensure they don’t contain credentials in URLs that might be logged

Operational Security

  1. Use Poge on trusted devices only: Avoid using Poge on public or shared computers
  2. Keep your browser updated: Security updates often patch vulnerabilities in Web Crypto implementations
  3. Use a reputable browser: Chrome, Firefox, Safari, and Edge all have strong Web Crypto API implementations
  4. Clear data on shared devices: If you must use Poge on a shared device, clear all data before you leave (Settings → Security → Clear All Data)
  5. Monitor for suspicious activity: Review your query history periodically for any unfamiliar queries

Security Indicators

Poge provides several visual indicators of your security status:
  • Lock icon in header: Shows whether your session is active or locked
  • Session timeout warning: Appears 10 seconds before auto-lock
  • “AES-256 Encrypted” badge: Visible during setup to confirm encryption is active
  • Failed login attempts: Tracks consecutive failed PIN entries (max 5 attempts before 5-minute lockout)

Frequently Asked Questions

Is my data sent to any servers?

No. Poge is a fully client-side application. Your database credentials, queries, and all sensitive data remain on your device. The only network requests are direct connections from your browser to your PostgreSQL database servers.

How secure is a 6-digit PIN?

A 6-digit PIN provides 1,000,000 possible combinations. Poge uses PBKDF2 with 100,000 iterations to derive encryption keys, making each PIN attempt computationally expensive. With the 5-attempt lockout mechanism, brute-forcing becomes impractical. However, for maximum security, use a strong backup password when exporting data.

Can I recover my data if I forget my PIN?

No. Without your PIN, the encryption keys cannot be derived, and your data is permanently encrypted. This is by design - even we cannot decrypt your data. The only recovery option is importing a previously exported backup (which requires the backup password).

What happens if I clear my browser’s cache or data?

Clearing localStorage will delete all your encrypted data, including server configurations, queries, and settings. You’ll need to restore from a backup or reconfigure everything. To keep your data, clear only the cache (images/JavaScript), not site data/localStorage.

Is Poge safe for production database credentials?

Poge provides strong encryption for storing credentials, but your risk tolerance should guide this decision:
  • Development/staging databases: Generally safe
  • Production read-only users: Reasonable with proper backup procedures
  • Production admin credentials: Higher risk - consider dedicated secret management tools
Always follow your organization’s security policies regarding credential storage.

Does Poge work offline?

Yes, after initial load. Poge is a Progressive Web App (PWA) that can run offline. However, you still need network access to connect to your PostgreSQL databases.
