why am i able to access my db with username and ANY password?
i tried accessing my db with a known username in pgsql's access, but any
password works. this is even with the password assigned when the user was
created.
Have you set pg_hba.conf to use a password-based authentication method?
regards, tom lane
On Sat, 20 Jan 2001, Tom Lane wrote:
Have you set pg_hba.conf to use a password-based authentication method?
i just went over that doc. comning from mysql bg here. so all this is
still foreign to me. but i'm learning. btw, i'll volunteer some time for
docs as soon as i have them ;-)
At 10:21 PM 1/20/01 -0600, Thomas T. Thai wrote:
i tried accessing my db with a known username in pgsql's access, but any
password works. this is even with the password assigned when the user was
created.
You have to add controls in the pg_hba.conf file. Add a password line and
postgresql will start checking for passwords.
However before that make sure you set the passwords with the various alter
user and create user SQL commands, or you might find you have to restart
postgresql again ;). If you forget, the postgresql super user password used
to be \N by default. Look in one of the password files in the DATA
directory for it.
When you turn on password checking you'll find that some of the scripts
won't work. For example pg_dump_all won't work but pg_dump can still work.
A number of the scripts are designed to work in a passwordless environment.
Cheerio,
Link.