Thread

  1. Security problem in psql frontends

    PostgreSQL Bugs List <pgsql-bugs@postgresql.org> — 2000-11-13T07:10:15Z

    Csaba Erdei (ecsaba@pcszoftver.hu) reports a bug with a severity of 2
    The lower the number the more severe it is.
    
    Short Description
    Security problem in psql frontends
    
    Long Description
    I can connect to the database with a valid username and with a false password. Why ? 
    I think it isn't a wery good solution, because knowing the administrator's username will give all access to everybody.
    
    Regards,
    
    Csaba Erdei
    
    Sample Code
    
    
    No file was uploaded with this report
    
    
    
  2. Re: Security problem in psql frontends

    Tom Lane <tgl@sss.pgh.pa.us> — 2000-11-13T15:37:41Z

    pgsql-bugs@postgresql.org writes:
    > I can connect to the database with a valid username and with a false
    > password. Why ?
    
    No doubt it's because you've got pg_hba.conf set to "trust" ...
    passwords aren't checked unless pg_hba.conf specifies a password-
    based authentication mechanism.  See
    http://www.postgresql.org/users-lounge/docs/7.0/postgres/security.htm
    
    			regards, tom lane