Re: wrong password accepted

From: Sam Barnett-Cormack <s(dot)barnett-cormack(at)lancaster(dot)ac(dot)uk>
To: Raphael Bauduin <raphael(at)be(dot)easynet(dot)net>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: wrong password accepted
Date: 2003-08-29 13:22:07
Message-ID: Pine.LNX.4.50.0308291421200.25177-100000@short.lancs.ac.uk
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Fri, 29 Aug 2003, Raphael Bauduin wrote:

> Hi,
>
> this is a strange situation I just discovered on a postgresql
> 7.2.1-2woody2 (Debian as you can see...). I use pg_hba to specify
> password ahtentications for clients. HEre's the line:
> host all 127.0.0.1 255.255.255.0 password pass-file
>
> I just discovered that when I use the correct password to whach I append
> text, it is accepted (though this is not correct...)
> For example, if my password is postgres, the following will also be
> accepted: postgresql, postgresblabla, postgres2 ...... but it will
> reject postgrex eg.

If the password mechanism uses standard crypt() passwords, then only the
first eight letters count. It just happens that postgres is eight
letters long.

This has been a public service educated guess.

--

Sam Barnett-Cormack
Software Developer | Student of Physics & Maths
UK Mirror Service (http://www.mirror.ac.uk) | Lancaster University

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Tom Lane 2003-08-29 13:45:52 Re: Can not deleted all record
Previous Message Raphael Bauduin 2003-08-29 13:12:40 wrong password accepted