Replacing MD5 hash in pg_auth...

From: "Peter van der Maas" <peter(at)abitogroup(dot)com>
To: <pgsql-general(at)postgresql(dot)org>
Subject: Replacing MD5 hash in pg_auth...
Date: 2006-04-15 01:47:09
Message-ID: 7EEC9DAC2502EF4FACFE8CC8408DAFEA7691@sbs-1.abito.local
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hello,

Is it correct to assume that if a user has write permission to
\data\global\pg_auth on a Win32 machine, the superuser's MD5 hash can be
replaced with one of a known origin in order to own the DB?

I do practice as noted in the Win FAQ, just want to make sure I am not
missing something:

"If you are running PostgreSQL on a multi-user system, you should remove
the permissions from all non-administrative users from the PostgreSQL
directories. No user ever needs permissions on the PostgreSQL files -
all communication is done through the libpq connection. Direct access to
data files can lead to information disclosure or system instability!"

Thanks in advance for any input,
Peter van der Maas

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Steve Atkins 2006-04-15 03:25:32 Re: Replacing MD5 hash in pg_auth...
Previous Message Sam Thukral 2006-04-15 01:41:06 Fetch in select statement