psql and security - Mailing list pgsql-hackers

From Tatsuo Ishii
Subject psql and security
Date
Msg-id 20010921195627C.t-ishii@sra.co.jp
Whole thread Raw
Responses Re: psql and security
Re: psql and security
List pgsql-hackers
Hi,

This is not a real security issue but it seems not very appropreate
behavior for me.

$ psql -U foo test
Password: XXX

Welcome to psql, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms      \h for help with SQL commands      \? for help on internal slash commands
    \g or terminate with semicolon to execute query      \q to quit
 

test=> \c - postgres
You are now connected as new user postgres

As you can see, psql reconnect as any user if the password is same as
foo. Of course this is due to the careless password setting, but I
think it's better to prompt ANY TIME the user tries to switch to
another user. Comments?
--
Tatsuo Ishii


pgsql-hackers by date:

Previous
From: Karel Zak
Date:
Subject: Re: Multibyte regression tests broken?
Next
From: Tatsuo Ishii
Date:
Subject: Re: Multibyte regression tests broken?