Re: psql and security

Tatsuo Ishii writes:

> As you can see, psql reconnect as any user if the password is same as
> foo. Of course this is due to the careless password setting, but I
> think it's better to prompt ANY TIME the user tries to switch to
> another user.

I'm not sure.  A few users have voiced concerns about this before, but we
have no count of the users that might enjoy this convenience. ;-)

Basically, the attack scenario here is that if you have a psql running and
leave your terminal, someone else can come in and get access to any other
database that you might have access to, without knowing your password.
But given a running psql, figuring out the password isn't so hard (running
a debugger or inducing a core dump would be likely options), and
concluding that this password is valid for all databases is trivial since
that's the default setup.

-- 
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter