Security problem in psql frontends

Started by PostgreSQL Bugs List, over 25 years ago, 2 messages, bugs
#1 PostgreSQL Bugs List
pgsql-bugs@postgresql.org

Csaba Erdei (ecsaba@pcszoftver.hu) reports a bug with a severity of 2
The lower the number the more severe it is.

Short Description
Security problem in psql frontends

Long Description
I can connect to the database with a valid username and with a false password. Why?
I think it isn't a very good solution, because knowing the administrator's username will give all access to everybody.

Regards,

Csaba Erdei

Sample Code

No file was uploaded with this report

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: PostgreSQL Bugs List (#1)
Re: Security problem in psql frontends

pgsql-bugs@postgresql.org writes:

> I can connect to the database with a valid username and with a false
> password. Why?

No doubt it's because you've got pg_hba.conf set to "trust" ...
passwords aren't checked unless pg_hba.conf specifies a
password-based authentication mechanism. See
http://www.postgresql.org/users-lounge/docs/7.0/postgres/security.htm

regards, tom lane
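
The check described in the reply above, as an added example that is not part of the original thread or of PostgreSQL itself: a small auditor that lists every pg_hba.conf record whose method is "trust", so an administrator can see which connections are admitted without a password check. The function name `audit_hba` and the sample file are constructed for illustration; the parser splits on whitespace only and does not handle quoted names or include directives.

```python
# Added example: flag pg_hba.conf records that admit clients without a password.
METHODS = {"trust", "reject", "password", "crypt", "md5", "scram-sha-256",
           "ident", "peer", "krb4", "krb5", "gss", "sspi", "ldap", "radius",
           "cert", "pam", "bsd"}
RECORD_TYPES = {"local", "host", "hostssl", "hostnossl",
                "hostgssenc", "hostnogssenc"}


def audit_hba(text):
    """Return (line_number, record) for every record whose method is 'trust'."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # strip comments, then tokenize
        if not tokens or tokens[0] not in RECORD_TYPES:
            continue  # blank line, comment, or something that is not a record
        # The method follows the database column (and, in newer releases, the
        # user and address columns). Taking the last token that names a known
        # method copes with both the 7.0 layout and the current one, and with
        # a role that happens to be named like a method.
        named = [t for t in tokens[2:] if t in METHODS]
        if named and named[-1] == "trust":
            findings.append((lineno, " ".join(tokens)))
    return findings


# Constructed sample, not taken from the reporter's system.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust    # loopback, still no password
host    all       all   10.0.0.0/8     scram-sha-256
# 7.0-style record: no USER column, address plus mask
host    all       192.168.1.0  255.255.255.0  password
"""

if __name__ == "__main__":
    for lineno, record in audit_hba(SAMPLE_HBA):
        print(f"line {lineno}: password not checked -> {record}")
```

Replacing the method on a flagged record with a password-based one and reloading the server configuration is what makes the server start checking passwords for those connections.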