psql runs only from the server, while pgAdmin (which is a standard installation in PostgerSQL for windows) easily installed in any clients.
In a network with several different projects & many databases that requires dozens of superuser, pg_hba could provide the required access control.
In this bug, when one superuser password compromised, then all database can be dropped from any clients using pgAdmin.
IMO this is a major security problem on pgAdmin software.
Regards,
Mudy
2010/7/29 Guillaume Lelarge
<guillaume@lelarge.info>Le 29/07/2010 07:34, Mudy Situmorang a écrit :
> Superuser without pg_hba could drop database from client at pgAdminIII
> Object browser by left click & Delete/Drop.
>
> User has superuser rights, but no pg_hba connection entry for the host.
>
> There are warnings on left click, twice:
> An error has occured:
> FATAL: no pg_hba.conf entry for host "172.17.0.8", user "tempuser", database
> "testdatabase", SSL on
> FATAL: no pg_hba.conf entry for host "172.17.0.8", user "tempuser", database
> "testdatabase", SSL off
>
> Then context menu appear, click Delete/Drop, Yes on confirmation.
>
> The database is gone.
>
>
> pgAdminIII at client:
> Windows XP
> pgAdminIII 1.10.3 (from PostgreSQL 8.4 windows package)
>
>
> PostgreSQL 8.4 server:
> Ubuntu 10.04
>
>
>
> I think it is very dangerous.
>
This is not an issue with pgAdmin. You can do the same with psql.
BTW, pg_hba.conf file controls who has the right to connect to one
database or another, not the rights users have on objects. To drop a
database, you need to be its owner or a superuser, and you need that
noone is connected to this database. It has nothing to do with the fact
that you are allowed to connect to it.
--
Guillaume
http://www.postgresql.fr
http://dalibo.com