Re: BUG #8628: md5 security hole
| От | Francisco Olarte |
|---|---|
| Тема | Re: BUG #8628: md5 security hole |
| Дата | |
| Msg-id | CA+bJJbyXbMgWnTfy9C7dDomWP38XPhtKoXaMzX78vvErssob8w@mail.gmail.com обсуждение исходный текст |
| Ответ на | BUG #8628: md5 security hole (rob@northleaf.com) |
| Список | pgsql-bugs |
Hi Rob_
On Sun, Nov 24, 2013 at 5:49 PM, <rob@northleaf.com> wrote:
> I am able to login without a password when the password field is null. If
> the field is not null the functionality seems normal, I get rejected unless
> the password is correct. This makes password based login ridiculous. Is
> this a bug or designed in? I login with my own code (Qt based) or with
> pgAdmin III and I find the same bug. Is it not possible to require a
> password at login?
I doubt a bug like that would have remain uncovered for a long time,
so this has a strong PEBKAC smell.
What do you mean by 'the password field' ? The only similar thing
which I would describe as a 'password field' in a databaseis the
pg_authid.rolpasswd column, which is described as 'Password (possibly
encrypted); null if none.', which would give something which could be
easily interpreted as what you are reporting, making the behaviour you
describe exactly the documented one and your report a misinterpreted
pilot error. Maybe if you add a little more detail and do a little
legwork before making such a strong statement someone can help you.
Regards.
Francisco Olarte.
В списке pgsql-bugs по дате отправления: