Обсуждение: Security problem in psql frontends

Поиск
Список
Период
Сортировка

Security problem in psql frontends

От
pgsql-bugs@postgresql.org
Дата:
Csaba Erdei (ecsaba@pcszoftver.hu) reports a bug with a severity of 2
The lower the number the more severe it is.

Short Description
Security problem in psql frontends

Long Description
I can connect to the database with a valid username and with a false password. Why ?
I think it isn't a wery good solution, because knowing the administrator's username will give all access to everybody.

Regards,

Csaba Erdei

Sample Code


No file was uploaded with this report

Re: Security problem in psql frontends

От
Tom Lane
Дата:
pgsql-bugs@postgresql.org writes:
> I can connect to the database with a valid username and with a false
> password. Why ?

No doubt it's because you've got pg_hba.conf set to "trust" ...
passwords aren't checked unless pg_hba.conf specifies a password-
based authentication mechanism.  See
http://www.postgresql.org/users-lounge/docs/7.0/postgres/security.htm

            regards, tom lane