From: | "Sergio A(dot) Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar> |
---|---|
To: | "pgsql-interfaces(at)postgreSQL(dot)org" <pgsql-interfaces(at)postgreSQL(dot)org> |
Subject: | Re: [INTERFACES] pg_pwd |
Date: | 1999-11-19 22:08:59 |
Message-ID: | 3835CA7B.5D7FF6F3@perio.unlp.edu.ar |
Lists: | pgsql-interfaces |

Tom Lane wrote:
>
> "Sergio A. Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar> writes:
> > what is the functionality of the file pg_pwd in $PG_DATA ?
> > (no, there is _nothing_ in the docs)
>
> That's cause you don't need to know ;-)
>
> Seriously, it's a flat-file copy of pg_shadow, used by the postmaster
> to do password verification. (The postmaster can't look directly at
> pg_shadow because it cannot participate in database operations.)
> See doc/TODO.detail/pg_shadow.

where? can you post an absolute url?

> > and why is world =writable & readable= ?
> > (hey, everybody, wanna know my passwd ?)
>
> It's not really a security hole because it lives inside a directory
> that's mode 700 (unless you tampered with the default permissions
> setup).

in rh6.1 /var/lib/pgsql is 755 (and no, I haven't changed anything)
can you spell "2_KM_DIAMETER_HOLE"?

> However, I agree it oughta be changed anyway.

having a text file with usernames and *passwords in clear*
world readable & writable makes me feel nervous, pretty nervous.
indeed the root user (who isn't the dba) can know anything too
easily...

--
-= Sergio A. Kessler == http://sak.org.ar =-
You can have it soon, cheap and working; choose *two*.
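
The disagreement in this message comes down to whether every directory above a world-readable file denies search permission to other users. The following check is an added example, not part of the original e-mail or of PostgreSQL; it looks at mode bits only, and the function name `other_access` and the temporary `data/pg_pwd` layout are constructed for illustration.

```python
import os
import stat
import tempfile


def other_access(path, top="/"):
    """What can a user who is neither owner nor group member do with path?

    Mode bits only (ACLs are not considered; root bypasses these checks).
    One ancestor directory without o+x makes the file unreachable,
    whatever the file's own mode is.
    """
    path, top = os.path.realpath(path), os.path.realpath(top)
    mode = os.stat(path).st_mode
    result = {"read": bool(mode & stat.S_IROTH),
              "write": bool(mode & stat.S_IWOTH),
              "blocked_by": None}
    parent = os.path.dirname(path)
    while True:
        if not os.stat(parent).st_mode & stat.S_IXOTH:
            result.update(read=False, write=False, blocked_by=parent)
            break
        if parent == top or parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    return result


def demo():
    """Constructed layout: <tmp>/data/pg_pwd with mode 666, as in the thread."""
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)
    data = os.path.join(base, "data")
    os.mkdir(data)
    pwd_file = os.path.join(data, "pg_pwd")
    with open(pwd_file, "w") as fh:
        fh.write("constructed placeholder, no real credentials\n")
    os.chmod(pwd_file, 0o666)
    report = {}
    for dir_mode in (0o700, 0o755):
        os.chmod(data, dir_mode)
        report[oct(dir_mode)] = other_access(pwd_file, top=base)
    return report


if __name__ == "__main__":
    for dir_mode, access in demo().items():
        print(dir_mode, access)
```

With the directory at 700 the file is reported as unreachable and `blocked_by` names the directory; at 755 the file's own 666 mode is all that is left, and both read and write are reported as possible.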