Skip site navigation (1) Skip section navigation (2)

phpPgAdmin Security hole

From: Frank Hilliard <frankhilliard(at)shaw(dot)ca>
To: pgsql-novice(at)postgresql(dot)org
Subject: phpPgAdmin Security hole
Date: 2001-12-21 21:47:38
Message-ID: 3C23ADFA.2080504@shaw.ca (view raw or flat)
Thread:
Lists: pgsql-novice
I've just discovered that password protection for phpPgAdmin may not be 
functioning if the postgres config file isn't set to require passwords. 
It's sure easy to check, just type in postgres as a username and  a 
bogus password and it still works! The quick, but dirty, fix is to 
change the default directory to some other name.

Frank Hilliard
http://frankhilliard.com/


In response to

pgsql-novice by date

Next:From: Francisco ReyesDate: 2001-12-21 22:00:24
Subject: Variable + string concatenation?
Previous:From: Tom LaneDate: 2001-12-21 19:13:09
Subject: Re: appropriate sort_mem & shared buffers

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group