| From: | "Zeugswetter Andreas SB SD" <ZeugswetterA(at)spardat(dot)at> |
|---|---|
| To: | "Peter Eisentraut" <peter_e(at)gmx(dot)net>, "Tatsuo Ishii" <t-ishii(at)sra(dot)co(dot)jp> |
| Cc: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: psql and security |
| Date: | 2001-09-21 14:21:31 |
| Message-ID: | 46C15C39FEB2C44BA555E356FBCD6FA421273E@m0114.s-mxs.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > As you can see, psql reconnect as any user if the password is same
as
> > foo. Of course this is due to the careless password setting, but I
> > think it's better to prompt ANY TIME the user tries to switch to
> > another user.
>
> I'm not sure. A few users have voiced concerns about this before, but
we
> have no count of the users that might enjoy this convenience. ;-)
>
> Basically, the attack scenario here is that if you have a psql running
and
> leave your terminal, someone else can come in and get access to any
other
> database that you might have access to, without knowing your password.
> But given a running psql, figuring out the password isn't so hard
(running
> a debugger or inducing a core dump would be likely options), and
> concluding that this password is valid for all databases is trivial
since
> that's the default setup.
This feature was added to conveniently let an already connected user
switch to another database. Imho you could distinguish the exact case at
hand,
where a new user was specified and prompt for a new password.
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2001-09-21 14:21:55 | Re: cvsup trouble |
| Previous Message | Thomas Lockhart | 2001-09-21 13:26:36 | Re: cvsup trouble |