| From: | Matt Sullivan <matt(at)sullivan(dot)gen(dot)nz> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Serious problem within authentication subsystem in 7.0 |
| Date: | 2000-05-23 01:54:20 |
| Message-ID: | Pine.LNX.3.96.1000523134250.23208A-100000@feta.sullivan.gen.nz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, 22 May 2000, Tom Lane wrote:
> Matt Sullivan <matt(at)sullivan(dot)gen(dot)nz> writes:
> > Essentially, in our environment, we require password authentication as
> > a defacto. However it appears that once a user has authenticated with
> > the backend it is possible for that user to trivially assume root dba
> > privileges or privileges of any other dba user.
>
> It appears that psql will auto-supply the previously entered password,
> so if you were using the same password for all your accounts then this
> might happen. Otherwise it's pretty hard to believe. That new
> connection is to a new backend; there's no way for it to know that you
> were previously connected.
>
> Offhand I think it would be a good idea for psql to insist on a new
> password if the \connect command gives a new user name...
Ok, phew...
matt=> \c wwwdata wwwdata
Password authentication failed for user 'wwwdata'
Previous connection kept
matt=>
This would infer though that the passwd data is cached within each instance of
psql which could present it's own set of security risks.
I would think that it should probably be *forgotton* after authentication is
established and required on any new \connect. This might present some issues
with pg_dump etc. I guess though.
Matt.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2000-05-23 01:56:01 | MySQL crashme |
| Previous Message | The Hermit Hacker | 2000-05-23 01:41:49 | Re: OO Patch |