| From: | rob(at)northleaf(dot)com |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #8628: md5 security hole |
| Date: | 2013-11-24 16:49:05 |
| Message-ID: | E1Vkcrp-0005Qb-6s@wrigleys.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 8628
Logged by: Robert Nichols0n
Email address: rob(at)northleaf(dot)com
PostgreSQL version: 9.3.1
Operating system: Ubuntu Desktop 64 bit
Description:
I am able to login without a password when the password field is null. If
the field is not null the functionality seems normal, I get rejected unless
the password is correct. This makes password based login ridiculous. Is
this a bug or designed in? I login with my own code (Qt based) or with
pgAdmin III and I find the same bug. Is it not possible to require a
password at login?
My pg_hba.conf is:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
#local all all md5
# IPv4 local connections:
hostssl all all 127.0.0.1/32 md5
# IPv6 local connections:
#host all all ::1/128 trust
Thank you.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2013-11-24 19:28:14 | Re: Re: [BUGS] BUG #7873: pg_restore --clean tries to drop tables that don't exist |
| Previous Message | Tom Lane | 2013-11-24 16:09:57 | Re: BUG #8611: ECPG: unclosed comment "/*" |