pgadmin security issue - Mailing list pgadmin-support

From Suren Manatunga
Subject pgadmin security issue
Date
Msg-id DB77B0B74574481A93E2B988B33CC9E2@ramanet.com
Responses Re: pgadmin security issue
List pgadmin-support

Hi,

(pgadmin 1.8.2)

PROBLEM 1

Even though we can restrict a user to a couple of databases, the user can disconnect from the current session and edit the connection properties.

So this means he could remove the DB restriction field “datname IN ('live_db', 'test_db')” and reconnect and see all the other databases.

I recommend setting up an admin account at the time of installing pgadmin, and only by logging in to the admin account of pgadmin should one be able to create, edit and view connection properties.

 

PROBLEM 2

When making a connection to the DB server with pgadmin, if you use a valid db name and a valid user login name, then pgadmin will allow access to the database without checking the password.

I mean, if I type a wrong password BUT if the user account and the database are valid, I will still be able to access the database.

I’m new to postgres, so I’m not sure if this is a real bug or if this is a feature. Please update me ASAP.

Thanks

Suren

