On Mon, 22 May 2000, Tom Lane wrote:
> Matt Sullivan <matt@sullivan.gen.nz> writes:
> > Essentially, in our environment, we require password authentication as
> > a defacto. However it appears that once a user has authenticated with
> > the backend it is possible for that user to trivially assume root dba
> > privileges or privileges of any other dba user.
>
> It appears that psql will auto-supply the previously entered password,
> so if you were using the same password for all your accounts then this
> might happen. Otherwise it's pretty hard to believe. That new
> connection is to a new backend; there's no way for it to know that you
> were previously connected.
>
> Offhand I think it would be a good idea for psql to insist on a new
> password if the \connect command gives a new user name...
Ok, phew...
matt=> \c wwwdata wwwdata Password authentication failed for user 'wwwdata' Previous connection kept matt=>
This would infer though that the passwd data is cached within each instance of
psql which could present it's own set of security risks.
I would think that it should probably be *forgotton* after authentication is
established and required on any new \connect. This might present some issues
with pg_dump etc. I guess though.
Matt.