Skip site navigation (1) Skip section navigation (2)

psql and security

From: Tatsuo Ishii <t-ishii(at)sra(dot)co(dot)jp>
To: pgsql-hackers(at)postgreSQL(dot)org
Subject: psql and security
Date: 2001-09-21 10:56:27
Message-ID: 20010921195627C.t-ishii@sra.co.jp (view raw or flat)
Thread:
Lists: pgsql-generalpgsql-hackers
Hi,

This is not a real security issue but it seems not very appropreate
behavior for me.

$ psql -U foo test
Password: XXX

Welcome to psql, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit

test=> \c - postgres
You are now connected as new user postgres

As you can see, psql reconnect as any user if the password is same as
foo. Of course this is due to the careless password setting, but I
think it's better to prompt ANY TIME the user tries to switch to
another user. Comments?
--
Tatsuo Ishii

Responses

pgsql-hackers by date

Next:From: Horak DanielDate: 2001-09-21 11:05:41
Subject: Re: Further CVS errors
Previous:From: Tatsuo IshiiDate: 2001-09-21 10:40:01
Subject: Re: Multibyte regression tests broken?

pgsql-general by date

Next:From: Colin 't HartDate: 2001-09-21 12:08:44
Subject: Re: [HACKERS] psql and security
Previous:From: Tille, AndreasDate: 2001-09-21 10:18:40
Subject: Hardware tuning (Was: Performance question)

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group