Thread: Security problem in psql frontends

Security problem in psql frontends

From: pgsql-bugs@postgresql.org
Csaba Erdei (ecsaba@pcszoftver.hu) reports a bug with a severity of 2
The lower the number the more severe it is.

Short Description
Security problem in psql frontends

Long Description
I can connect to the database with a valid username and with a false password. Why?
I think it isn't a very good solution, because knowing the administrator's username will give all access to everybody.

Regards,

Csaba Erdei

Sample Code


No file was uploaded with this report

Re: Security problem in psql frontends

From: Tom Lane
pgsql-bugs@postgresql.org writes:
> I can connect to the database with a valid username and with a false
> password. Why?

No doubt it's because you've got pg_hba.conf set to "trust" ...
passwords aren't checked unless pg_hba.conf specifies a password-
based authentication mechanism.  See
http://www.postgresql.org/users-lounge/docs/7.0/postgres/security.htm

            regards, tom lane
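
The check described in the reply above, as an added example that is not part of the original thread: a small Python audit that lists every pg_hba.conf record using "trust", the setting under which no password is checked. The function names, the keyword list and the sample file are assumptions made for illustration; because the column layout differs between PostgreSQL releases, the parser looks for the first recognised method keyword after the database column instead of relying on a fixed position.

```python
# Added example: report pg_hba.conf records that authenticate with "trust".
# Keyword sets are an assumed, non-exhaustive list for illustration.
METHODS = {"trust", "reject", "password", "crypt", "md5", "scram-sha-256",
           "ident", "peer", "krb4", "krb5", "gss", "sspi", "ldap", "radius",
           "cert", "pam"}
RECORD_TYPES = {"local", "host", "hostssl", "hostnossl"}


def parse_hba(text):
    """Yield (line_no, fields, method_index) for each recognisable record."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if not fields or fields[0] not in RECORD_TYPES:
            continue
        # fields[1] is the database column; the method comes somewhere after it.
        idx = next((i for i, f in enumerate(fields) if i >= 2 and f in METHODS), None)
        if idx is not None:
            yield line_no, fields, idx


def find_trust(text):
    """Return [(line_no, scope, record)] for every record whose method is trust."""
    findings = []
    for line_no, fields, idx in parse_hba(text):
        if fields[idx] != "trust":
            continue
        if fields[0] == "local":
            scope = "unix-socket"             # any local OS user, any DB user name
        elif any(f.startswith(("127.", "::1")) for f in fields[2:idx]):
            scope = "loopback"
        else:
            scope = "network"                 # remote clients, no password check
        findings.append((line_no, scope, " ".join(fields)))
    return findings


# Constructed sample file, not taken from the thread.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   md5
host    all       all   0.0.0.0/0      trust   # any password accepted
host    all       127.0.0.1  255.255.255.255  trust
"""

if __name__ == "__main__":
    for line_no, scope, record in find_trust(SAMPLE):
        print(f"line {line_no}: trust ({scope}): {record}")
```

A "network" finding is the situation the reporter describes: anyone who can reach the server and knows a valid user name is connected without a password check.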