Re: Security problem in psql frontends

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: ecsaba(at)pcszoftver(dot)hu, pgsql-bugs(at)postgresql(dot)org
Subject: Re: Security problem in psql frontends
Date: 2000-11-13 15:37:41
Message-ID: 9388.974129861@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

pgsql-bugs(at)postgresql(dot)org writes:
> I can connect to the database with a valid username and with a false
> password. Why ?

No doubt it's because you've got pg_hba.conf set to "trust" ...
passwords aren't checked unless pg_hba.conf specifies a password-
based authentication mechanism. See
http://www.postgresql.org/users-lounge/docs/7.0/postgres/security.htm

regards, tom lane

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message pgsql-bugs 2000-11-13 20:37:50 JDBC driver DatabaseMetaData.getTables() unconditionally lowercases tableName pattern
Previous Message Erdei Csaba 2000-11-13 07:16:04 Csaba Erdei : Security problem in psql frontends