Postgres Pro
Downloads
Home   >   mailing lists

Thread: Strange. I can logon with an invalid or no password atall

Strange. I can logon with an invalid or no password atall

From
Daniel
Date:
My program is reporting "Logged on." even if I enter an invalid or no
password atall.
Here is my login function and below is the function that calls it:

bool DBConn::Connect(const std::string &host, const std::string
&user,
  const std::string &pass)
// Connects to the database
{
  std::string cs = "hostaddr = '" + host +
    "' port = '' dbname = 'TBDB' user = '" + user +
    "' password = '" + pass + "' connect_timeout = '10'";
  pg_conn = PQconnectdb(cs.c_str());
  if (!pg_conn)
    return false;
  if (PQstatus(pg_conn) != CONNECTION_OK)
    return false;
  return true;
}

void TBClientFrame::Login(const wxString &user, const wxString &pass)
{
  std::string host("127.0.0.1");
  std::string user_str = std::string(user.mb_str(*wxConvCurrent));
  std::string pass_str = std::string(pass.mb_str(*wxConvCurrent));
  if (db_conn.Connect(host, user_str, pass_str))
    wxMessageBox(wxT("Logged on."), wxT("Client Info."));
  else
  {
     fprintf(stderr, "%s", db_conn.ErrorMsg());
  }
}

It does report an error if the user name is invalid.  What could cause
this strange behaviour.

Re: Strange. I can logon with an invalid or no password atall

From
Tom Lane
Date:
Daniel <danwgrace@gmail.com> writes:
> My program is reporting "Logged on." even if I enter an invalid or no
> password atall.

You sure the server is configured to ask for a password?

http://www.postgresql.org/docs/8.4/static/client-authentication.html

            regards, tom lane

Re: Strange. I can logon with an invalid or no password atall

From
Chris
Date:
> void TBClientFrame::Login(const wxString &user, const wxString &pass)
> {
>   std::string host("127.0.0.1");
>   std::string user_str = std::string(user.mb_str(*wxConvCurrent));
>   std::string pass_str = std::string(pass.mb_str(*wxConvCurrent));
>   if (db_conn.Connect(host, user_str, pass_str))
>     wxMessageBox(wxT("Logged on."), wxT("Client Info."));
>   else
>   {
>      fprintf(stderr, "%s", db_conn.ErrorMsg());
>   }
> }
>
> It does report an error if the user name is invalid.  What could cause
> this strange behaviour.

What is in your pg_hba.conf file?

Seems like you've got it set to 'trust' for (at least) 127.0.0.1 - try
changing that to 'md5' and restarting postgres.

--
Postgresql & php tutorials
http://www.designmagick.com/

Re: Strange. I can logon with an invalid or no password atall

From
Daniel
Date:
Thanks.  I did not realise it was so configurable.

Re: Strange. I can logon with an invalid or no password atall

From
Scott Marlowe
Date:
Better too many options than not enough eh?

On Thu, Dec 3, 2009 at 2:47 PM, Daniel <danwgrace@gmail.com> wrote:
> Thanks.  I did not realise it was so configurable.
>
> --
> Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>



--
When fascism comes to America, it will be intolerance sold as diversity.