Thread: Login box bug

Login box bug

From
Joel Krajden
Date:
PGADMIN III RC2 source compiled. Postgresql 8.beta, RHE3

If you don't enter a password or enter the wrong password you are connected to
the database anyways. The properties window for the server says you are not
connected but you are and can access, create and modify objects. Does PGAdmin
not use the pg_hba.conf file?


Thanks
Joel

-- 
| Joel Krajden              | Rm: LB-915,  Tel: 514 848-2424 3052         |
|                           | Fax: 514 848-2830                           |
| Senior Systems Analyst    | Email: joelk@cs.concordia.ca                |
| Engineering & Computer Sc.| http://www.cs.concordia.ca/~staffcs/joelk   |
| Concordia University      |   Remember it's a circus and the clowns     |
| Montreal, Canada          |   are supposed to make you laugh, not cry.  |


Re: Login box bug

From
"Dave Page"
Date:

> -----Original Message-----
> From: pgadmin-support-owner@postgresql.org
> [mailto:pgadmin-support-owner@postgresql.org] On Behalf Of
> Joel Krajden
> Sent: 22 November 2004 21:49
> To: pgadmin-support@postgresql.org
> Subject: [pgadmin-support] Login box bug
>
> PGADMIN III RC2 source compiled. Postgresql 8.beta, RHE3
>
> If you don't enter a password or enter the wrong password you
> are connected to the database anyways. The properties window
> for the server says you are not connected but you are and can
> access, create and modify objects. Does PGAdmin not use the
> pg_hba.conf file?

Yes, *every* PostgreSQL application uses this file - otherwise it would
be kinda easy to hack a PostgreSQL server :-). You must have a trust
option set somewhere in pg_hba.conf or something similar that you have
missed.

Regards, Dave


Re: Login box bug

From
"Dave Page"
Date:

> -----Original Message-----
> From: Joel Krajden [mailto:joelk@cs.concordia.ca]
> Sent: 23 November 2004 14:07
> To: Dave Page
> Subject: Re: [pgadmin-support] Login box bug
>
> When I log in via psql template1 postgres pg_hba.conf works
> fine. How does pgadmin know the location of pg_hba.conf to use?

It doesn't - that's the whole point. The adherence to the correct
pg_hba.conf is controlled entirely by the server. If it were possible to
bypass it from a client then any hacker could easily bypass any access
controls - this is certainly not the case.

Regards. Dave.


Re: Login box bug

From
"Dave Page"
Date:

> -----Original Message-----
> From: Joel Krajden [mailto:joelk@cs.concordia.ca]
> Sent: 23 November 2004 14:52
> To: Dave Page
> Subject: Re: [pgadmin-support] Login box bug
>
> When we ran initdb to create the template database we did not
> use the -W flag to prompt for a password. Could that be the problem?

If you haven't subsequently set a password, then yes, that would explain
why you don't need a password to login.

Regards, Dave.
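
An added example, not part of the thread and not pgAdmin or PostgreSQL code: a small checker for the kind of trust entry in pg_hba.conf that Dave Page suggests looking for. It goes a step beyond the thread by resolving which record the server applies to a given connection (the first matching record is used, with no fall-through). The sample file and the function names are constructed for illustration; matching is simplified to "all" or exact database and user names and to numeric addresses.

```python
import ipaddress
import shlex

# Constructed sample, not the configuration from the thread.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS                  METHOD
local   all       all                                md5
host    all       all       127.0.0.1/32             trust   # no password checked
host    all       all       10.0.0.0 255.255.255.0   md5
"""

def parse_hba(text):
    """Parse records into dicts: line, type, database, user, net, method."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)   # drops '#' comments, honours quotes
        if not tok:
            continue
        ctype, db, user, rest = tok[0], tok[1].split(","), tok[2].split(","), tok[3:]
        net = None
        if ctype != "local" and "/" in rest[0]:          # CIDR form
            net, rest = ipaddress.ip_network(rest[0], strict=False), rest[1:]
        elif ctype != "local":                            # address + netmask form
            net, rest = ipaddress.ip_network("/".join(rest[:2]), strict=False), rest[2:]
        records.append({"line": lineno, "type": ctype, "database": db,
                        "user": user, "net": net, "method": rest[0]})
    return records

def effective_method(records, database, user, client_ip=None):
    """(method, line) of the first record matching the connection; no fall-through."""
    for r in records:
        if (r["type"] == "local") != (client_ip is None):
            continue          # socket records never match TCP clients, and vice versa
        if client_ip and ipaddress.ip_address(client_ip) not in r["net"]:
            continue
        if {"all", database} & set(r["database"]) and {"all", user} & set(r["user"]):
            return r["method"], r["line"]
    return None, None         # no record matches: the server denies access

def trust_records(records):
    """Records that admit a client without checking any password."""
    return [r for r in records if r["method"] == "trust"]

if __name__ == "__main__":
    recs = parse_hba(SAMPLE_HBA)
    for r in trust_records(recs):
        print(f"line {r['line']}: {r['type']} {r['net'] or '(socket)'} uses trust")
    print("unix socket  :", effective_method(recs, "template1", "postgres"))
    print("TCP 127.0.0.1:", effective_method(recs, "template1", "postgres", "127.0.0.1"))
```

With the constructed sample, a Unix-socket login is asked for a password while a TCP login from 127.0.0.1 is not, because a different record matches each connection type.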