Thread: Login with blank password

Login with blank password

From

rray@tcmail.mstc.state.ms.us

Date:

11 December 2004, 02:34:17

Is there a setting in postgresql.conf that will log the password that's used to login with?
If I add "host    all         user        172.17.32.0       255.255.255.0     password"
to pg_hba.conf the user can login with a blank password.
If I add "host    all         user        172.17.32.1       255.255.255.255     password"
to pg_hba.conf the user must enter a correct password.
This only occurs in apps I've written using libpq.
Using PostgreSQL 7.4.3 on Fedora Core 2.

Thanks
Richard Ray

Re: Login with blank password

From

Tom Lane

Date:

11 December 2004, 19:32:46

rray@tcmail.mstc.state.ms.us writes:
> Is there a setting in postgresql.conf that will log the password that's used to login with?

No (deliberately so).

> If I add "host    all         user        172.17.32.0       255.255.255.0     password"
> to pg_hba.conf the user can login with a blank password.
> If I add "host    all         user        172.17.32.1       255.255.255.255     password"
> to pg_hba.conf the user must enter a correct password.

This sounds to me like you are failing to consider the effects of the
order of entries in pg_hba.conf --- ie, in the first case the connection
is being caught by a TRUST-mode entry (or at least, not a password-based
one ... could be IDENT as well).  Don't forget to SIGHUP the postmaster
after editing pg_hba.conf, too.

            regards, tom lane