| From: | Oliver Elphick <olly(at)lfix(dot)co(dot)uk> |
|---|---|
| To: | Fred Parkinson <FredP(at)abag(dot)ca(dot)gov> |
| Cc: | pgsql-odbc(at)postgresql(dot)org |
| Subject: | Re: fyi: possible security bug linking from MS Access |
| Date: | 2003-11-17 21:42:37 |
| Message-ID: | 1069105357.16449.6.camel@linda.lfix.co.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-odbc |
On Mon, 2003-11-17 at 20:28, Fred Parkinson wrote:
> I am using ms access (XP, aka 2002) to link to a postgres database with
> odbc driver 7.02.00.05 and using the ms access facilities
> File>Get external data>link tables>ODBC databases().
>
> If I start my app the normal way I am asked to provide a postgres user
> and password.
>
> However, if i start Access with the shift key down, so my startup form
> doesn't open, delete my table links and relink, I am never asked for my
> postgres user and password yet am successfully linked to the postgres
> tables and my app behaves normally. I simply open the startup form and
> I am in without needing the postgres user and password.
It sounds as if the server is set to allow open access using "trust"
authentication. The relevant file on the server is $PGDATA/pg_hba.conf;
read the chapter on client authentication in the PostgreSQL manuals.
--
Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
Isle of Wight, UK http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"For by grace are ye saved through faith; and that not
of yourselves. It is the gift of God; not of works,
lest any man should boast." Ephesians 2:8,9
| From | Date | Subject | |
|---|---|---|---|
| Next Message | alexandre :: aldeia digital | 2003-11-18 20:25:09 | Re: Use Declare/Fetch and PG 7.4 (Hiroshi?) |
| Previous Message | Fred Parkinson | 2003-11-17 20:28:43 | fyi: possible security bug linking from MS Access |