Re: Replacing MD5 hash in pg_auth...

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Steve Atkins <steve(at)blighty(dot)com>
Cc: pgsql general <pgsql-general(at)postgresql(dot)org>
Subject: Re: Replacing MD5 hash in pg_auth...
Date: 2006-04-15 04:15:01
Message-ID: 12836.1145074501@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Steve Atkins <steve(at)blighty(dot)com> writes:
> On Apr 14, 2006, at 6:47 PM, Peter van der Maas wrote:
>> Is it correct to assume that if a user has write permission to
>> \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash
>> can be replaced with one of a known origin in order to own the DB?

> Probably. It'd be much easier to edit pg_hba.conf, though.

Actually, if you have write permission on the $PGDATA tree, you
*already* own the DB for every practical purpose. Focusing on passwords
is silly.

regards, tom lane

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Shoaib Mir 2006-04-15 05:24:59 21 bit number for sequence
Previous Message Steve Atkins 2006-04-15 03:25:32 Re: Replacing MD5 hash in pg_auth...