Re: How to know the password for the user 'postgres'

Поиск
Список
Период
Сортировка
От Sam Mason
Тема Re: How to know the password for the user 'postgres'
Дата
Msg-id 20081028132714.GW2459@frubble.xen.chris-lamb.co.uk
обсуждение исходный текст
Ответ на Re: How to know the password for the user 'postgres'  (Thomas <iamkenzo@gmail.com>)
Список pgsql-general
On Tue, Oct 28, 2008 at 01:43:08PM +0100, Thomas wrote:
> Yes this allows to login remotely through ssh for instance. But it
> doesn't offer a bigger backdoor than having a weak password on a sudo
> account.

In my eyes, the you've just increased the attack surface available for
getting the data---you've gone from a single account to two.  Having
a weak password on the sudo account is still a way in, in addition
to breaking the postgres password.  In practical terms this should
affect things materially; if you've got a strong password on the sudoers
account you're likely to have a strong one on the postgres account and
vice versa.


  Sam

В списке pgsql-general по дате отправления:

Предыдущее
От: "Grzegorz Jaśkiewicz"
Дата:
Сообщение: Re: [Help] Config Failure on Mac OSX: psqlodbc-08.03.0300
Следующее
От: John DeSoi
Дата:
Сообщение: Re: [Help] Config Failure on Mac OSX: psqlodbc-08.03.0300