Home > mailing lists

Re: How to know the password for the user 'postgres' - Mailing list pgsql-general

From	Sam Mason
Subject	Re: How to know the password for the user 'postgres'
Date	October 28, 2008 13:27:19
Msg-id	20081028132714.GW2459@frubble.xen.chris-lamb.co.uk Whole thread Raw
In response to	Re: How to know the password for the user 'postgres' (Thomas <iamkenzo@gmail.com>)
List	pgsql-general

Tree view

On Tue, Oct 28, 2008 at 01:43:08PM +0100, Thomas wrote:
> Yes this allows to login remotely through ssh for instance. But it
> doesn't offer a bigger backdoor than having a weak password on a sudo
> account.

In my eyes, the you've just increased the attack surface available for
getting the data---you've gone from a single account to two.  Having
a weak password on the sudo account is still a way in, in addition
to breaking the postgres password.  In practical terms this should
affect things materially; if you've got a strong password on the sudoers
account you're likely to have a strong one on the postgres account and
vice versa.

  Sam

pgsql-general by date:

From: "Grzegorz Jaśkiewicz"
Date: 28 October 2008, 13:23:36
Subject: Re: [Help] Config Failure on Mac OSX: psqlodbc-08.03.0300

From: John DeSoi
Date: 28 October 2008, 13:29:46
Subject: Re: [Help] Config Failure on Mac OSX: psqlodbc-08.03.0300

Re: How to know the password for the user 'postgres' - Mailing list pgsql-general

Previous

Next