Skip site navigation (1) Skip section navigation (2)

Re: wrong password accepted

From: Raphael Bauduin <raphael(at)be(dot)easynet(dot)net>
To: Sam Barnett-Cormack <s(dot)barnett-cormack(at)lancaster(dot)ac(dot)uk>
Cc: Raphael Bauduin <raphael(at)be(dot)easynet(dot)net>,pgsql-admin(at)postgresql(dot)org
Subject: Re: wrong password accepted
Date: 2003-08-29 15:26:02
Message-ID: 20030829152602.GA31054@raphael (view raw or flat)
Thread:
Lists: pgsql-admin
On Fri, Aug 29, 2003 at 02:22:07PM +0100, Sam Barnett-Cormack wrote:
> 
> On Fri, 29 Aug 2003, Raphael Bauduin wrote:
> 
> > Hi,
> >
> > this is a strange situation I just discovered on a postgresql
> > 7.2.1-2woody2 (Debian as you can see...). I use pg_hba to specify
> > password ahtentications for clients. HEre's the line:
> > host         all         127.0.0.1    255.255.255.0       password  pass-file
> >
> > I just discovered that when I use the correct password to whach I append
> > text, it is accepted (though this is not correct...)
> > For example, if my password is postgres, the following will also be
> > accepted: postgresql, postgresblabla, postgres2 ...... but it will
> > reject postgrex eg.
> 
> If the password mechanism uses standard crypt() passwords, then only the
> first eight letters count. It just happens that postgres is eight
> letters long.
> 
> This has been a public service educated guess.

It seems this was a good guess. Thanks for this simple and efficient
answer! :-)

Raph

In response to

pgsql-admin by date

Next:From: Pierre CoudercDate: 2003-08-29 16:27:09
Subject: How to read a sequence without incrementing it?
Previous:From: Tom LaneDate: 2003-08-29 13:45:52
Subject: Re: Can not deleted all record

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group