I "might" have found a bug on 8.2.1 win32 - Mailing list pgsql-general

From Tony Caduto
Subject I "might" have found a bug on 8.2.1 win32
Date
Msg-id 45C20E89.6030009@amsoftwaredesign.com
Whole thread Raw
Responses Re: I "might" have found a bug on 8.2.1 win32
List pgsql-general
I had installed the win32 version awhile ago, but I had the pg_hba.conf
set to trust.  Then I started to test SSL on win32 so I changed it to this:
host    all         all         127.0.0.1/32          md5
host    all         all         192.168.15.131/32     md5  #my pcs adddress

And I ensured the service had been restarted after making the change to
md5 instead of trust for my PC address.

Ok, here is the problem, If I pass in a blank password '' the md5
authentication is not done and I simply go right in with full access.
If I pass in a space ' ' the I get the password authentication error.
Normally with a blank password I would expect to see the no password
supplied error, but that is not happening on win32 it just gives full
blown access.

Here is the connect string being passed to libpq.dll when I use the
blank password, this string is captured from the debugger:

hostaddr='10.201.170.131' port='5432' dbname='template1' user='postgres'
password='' connect_timeout='15' sslmode=disable

I tried the same thing on a Linux server and it does not behave this
way, only on win32.

I then uninstalled 8.2.1 on the win32 box and completely deleted the
data directory and reinstalled and the same behavior prevailed.

I know a new connect GRANT was enabled in 8.2, but I though that was in
addition to the first checks done in pg_hba.conf.

Maybe I am doing something wrong, but it sure doesn't seem that way.
Like I said it "might" be a bug.



--
Tony Caduto
AM Software Design
http://www.amsoftwaredesign.com
Home of PG Lightning Admin for Postgresql
Your best bet for Postgresql Administration


pgsql-general by date:

Previous
From: Andrew Sullivan
Date:
Subject: Re: Compilation Error AIX
Next
From: "Demel, Jeff"
Date:
Subject: Subqueries - performance and use question