Thread: Security problem in psql frontends
Csaba Erdei (ecsaba@pcszoftver.hu) reports a bug with a severity of 2 The lower the number the more severe it is. Short Description Security problem in psql frontends Long Description I can connect to the database with a valid username and with a false password. Why ? I think it isn't a wery good solution, because knowing the administrator's username will give all access to everybody. Regards, Csaba Erdei Sample Code No file was uploaded with this report
pgsql-bugs@postgresql.org writes: > I can connect to the database with a valid username and with a false > password. Why ? No doubt it's because you've got pg_hba.conf set to "trust" ... passwords aren't checked unless pg_hba.conf specifies a password- based authentication mechanism. See http://www.postgresql.org/users-lounge/docs/7.0/postgres/security.htm regards, tom lane