Thread: user password problem

user password problem

From
julien piaser
Date:
I'm using PostgreSQL 7.0.2 on Linux Red Hat 6.1.

It seems that any user can log in to psql with any other user account
without giving any password.

I.e., if I'm logged in a shell as julien (who is a single user, not an
administrator) I just have to write: psql -U postgres mydatabase to go
into mydatabase with postgres permissions, without giving any password
(or a wrong one as well).

Not really secure... any suggestions?

Regards

J.Piaser


Re: user password problem

From
Mathieu Arnold
Date:

julien piaser wrote:
>
> I'm using PostgreSQL 7.0.2 on Linux Red Hat 6.1.
>
> It seems that any user can log in to psql with any other user account
> without giving any password.
>
> I.e., if I'm logged in a shell as julien (who is a single user, not an
> administrator) I just have to write: psql -U postgres mydatabase to go
> into mydatabase with postgres permissions, without giving any password
> (or a wrong one as well).
>
> Not really secure... any suggestions?

Look at your $PG_DATA/pg_hba.conf.
Instead of:
local        all                                         trust
host         all         127.0.0.1     255.255.255.255   trust

try something like:
local        all                                         crypt
host         all         127.0.0.1     255.255.255.255   crypt

--
Mathieu Arnold
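
An added example, not part of either post: a small Python audit that parses pg_hba.conf records in the layout quoted in the reply above and reports every trust entry together with who it admits without a password. The two record shapes (local DB AUTH, host DB IP MASK AUTH), the function names and the sample file are assumptions made for illustration.

```python
# Added example: audit pg_hba.conf records in the layout quoted in the reply
# (local DB AUTH / host DB IP MASK AUTH). That layout is an assumption taken
# from the four lines in the thread, not a full grammar of the file.
import ipaddress

# Constructed sample input mixing the two variants shown in the thread.
SAMPLE = """\
# constructed sample
local        all                                         trust
host         all         127.0.0.1     255.255.255.255   crypt
host         all         192.168.1.0   255.255.255.0     trust
"""

def parse_hba(text):
    """Yield (lineno, conn_type, database, network, auth) per record."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if not fields:
            continue
        if fields[0] == "local" and len(fields) >= 3:
            yield lineno, "local", fields[1], None, fields[2]
        elif fields[0] == "host" and len(fields) >= 5:
            net = ipaddress.ip_network(f"{fields[2]}/{fields[3]}", strict=False)
            yield lineno, "host", fields[1], net, fields[4]
        else:
            raise ValueError(f"line {lineno}: unrecognised record: {raw!r}")

def find_trust(text):
    """Return (lineno, database, scope) for each record that skips passwords."""
    findings = []
    for lineno, conn, db, net, auth in parse_hba(text):
        if auth != "trust":
            continue
        if conn == "local":
            scope = "any local shell account via the Unix socket"
        elif net.is_loopback:
            scope = f"any local shell account via TCP {net}"
        else:
            scope = f"any host in {net}"
        findings.append((lineno, db, scope))
    return findings

if __name__ == "__main__":
    for lineno, db, scope in find_trust(SAMPLE):
        print(f"line {lineno}: database '{db}' trusts {scope}")
```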