| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Tatsuo Ishii <t-ishii(at)sra(dot)co(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: psql and security |
| Date: | 2001-09-21 14:36:38 |
| Message-ID: | 28109.1001082998@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> concluding that this password is valid for all databases is trivial since
> that's the default setup.
No, I think you're missing the point --- we're concerned about
reconnecting as a different user, not reconnecting to a different
database. The issue is that psql will silently try to use user A's
password to authenticate as user B. While one would hope that this
fails, it doesn't seem like a good idea even to try it.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Juan Jose Comellas | 2001-09-21 16:14:36 | Recursive queries |
| Previous Message | Doug McNaught | 2001-09-21 14:34:21 | Re: Problem: Failed Make on Linux Pgres v. 7.1.2 |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jean-Michel POURE | 2001-09-21 14:40:12 | int4eq (xid, int4) |
| Previous Message | Tom Lane | 2001-09-21 14:32:33 | Re: [HACKERS] psql and security |