Thread: Login box bug
PGADMIN III RC2 source ccompiled. Postgresql 8.beta, RHE3 If you don't enter a password or enter the wrong password you are connected to the database anyways. The properties window for the server says you are not connected but you are and can access,create and modify objects. Does PGAdmin not use the pg_hba.conf file? Thanks Joel -- | Joel Krajden | Rm: LB-915, Tel: 514 848-2424 3052 | | | Fax: 514 848-2830 | | Senior Systems Analyst | Email: joelk@cs.concordia.ca | | Engineering & Computer Sc.| http://www.cs.concordia.ca/~staffcs/joelk | | Concordia University | Remember it's a circus and the clowns | | Montreal, Canada | are supposed to make you laugh, not cry. |
> -----Original Message----- > From: pgadmin-support-owner@postgresql.org > [mailto:pgadmin-support-owner@postgresql.org] On Behalf Of > Joel Krajden > Sent: 22 November 2004 21:49 > To: pgadmin-support@postgresql.org > Subject: [pgadmin-support] Login box bug > > PGADMIN III RC2 source ccompiled. Postgresql 8.beta, RHE3 > > If you don't enter a password or enter the wrong password you > are connected to the database anyways. The properties window > for the server says you are not connected but you are and can > access,create and modify objects. Does PGAdmin not use the > pg_hba.conf file? Yes, *every* PostgreSQL application uses this file - otherwise it would be kinda easy to hack a PostgreSQL server :-). You must have a trust option set somewhere in pg_hba.conf or something similar that you have missed. Regards, Dave
> -----Original Message----- > From: Joel Krajden [mailto:joelk@cs.concordia.ca] > Sent: 23 November 2004 14:07 > To: Dave Page > Subject: Re: [pgadmin-support] Login box bug > > When I log in via psql template1 postgres pg_hba.conf works > fine. How does pgadmin know the location of pg_hba.conf to use. It doesn't - that's the whole point. The adherence to the correct pg_hba.conf is controlled entirely by the server. If it were possible to bypass it from a client then any hacker could easily bypass any access controls - this is certainly not the case. Regards. Dave.
> -----Original Message----- > From: Joel Krajden [mailto:joelk@cs.concordia.ca] > Sent: 23 November 2004 14:52 > To: Dave Page > Subject: Re: [pgadmin-support] Login box bug > > When we ran initdb to create the template databse we did not > use the -W flag to prompt for a password. Could that be the problem? If you haven't subsequently set a password, then yes, that would explain why you don't need a password to login. Regards, Dave.