Tony Caduto wrote:
> I had installed the win32 version awhile ago, but I had the pg_hba.conf
> set to trust. Then I started to test SSL on win32 so I changed it to this:
> host all all 127.0.0.1/32 md5
> host all all 192.168.15.131/32 md5 #my pcs adddress
>
> And I ensured the service had been restarted after making the change to
> md5 instead of trust for my PC address.
>
> Ok, here is the problem, If I pass in a blank password '' the md5
> authentication is not done and I simply go right in with full access.
> If I pass in a space ' ' the I get the password authentication error.
> Normally with a blank password I would expect to see the no password
> supplied error, but that is not happening on win32 it just gives full
> blown access.
>
> Here is the connect string being passed to libpq.dll when I use the
> blank password, this string is captured from the debugger:
>
> hostaddr='10.201.170.131' port='5432' dbname='template1' user='postgres'
> password='' connect_timeout='15' sslmode=disable
>
> I tried the same thing on a Linux server and it does not behave this
> way, only on win32.
>
> I then uninstalled 8.2.1 on the win32 box and completely deleted the
> data directory and reinstalled and the same behavior prevailed.
>
> I know a new connect GRANT was enabled in 8.2, but I though that was in
> addition to the first checks done in pg_hba.conf.
>
> Maybe I am doing something wrong, but it sure doesn't seem that way.
> Like I said it "might" be a bug.
>
>
>
Question, I hope stupid, postgres user HAS a password right?
