Re: BUG #8628: md5 security hole

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: rob(at)northleaf(dot)com
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #8628: md5 security hole
Date: 2013-11-26 16:50:09
Message-ID: 8882.1385484609@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

rob(at)northleaf(dot)com writes:
> I am able to login without a password when the password field is null.

Works as expected for me. Typically, when people complain that password
auth is unexpectedly letting them in, it's because the server isn't
actually using the pg_hba.conf setting they think it is (don't forget to
SIGHUP or restart the postmaster after editing that file), or they have
a ~/.pgpass file that's supplying the password for them.

regards, tom lane

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message bricklen 2013-11-26 16:52:04 Re: BUG #8629: Strange resultset when using CTE or a subselect
Previous Message Patrick Lademan 2013-11-26 16:46:47 Re: Concat truncates at 257 characters