Re: Serious problem within authentication subsystem in 7.0
| From | Matt Sullivan |
|---|---|
| Subject | Re: Serious problem within authentication subsystem in 7.0 |
| Date | |
| Msg-id | Pine.LNX.3.96.1000523134250.23208A-100000@feta.sullivan.gen.nz |
| In reply to | Re: Serious problem within authentication subsystem in 7.0 (Tom Lane <tgl@sss.pgh.pa.us>) |
| Responses | Re: Serious problem within authentication subsystem in 7.0 |
| List | pgsql-hackers |
On Mon, 22 May 2000, Tom Lane wrote:

> Matt Sullivan <matt@sullivan.gen.nz> writes:
> > Essentially, in our environment, we require password authentication as
> > a de facto. However it appears that once a user has authenticated with
> > the backend it is possible for that user to trivially assume root dba
> > privileges or privileges of any other dba user.
>
> It appears that psql will auto-supply the previously entered password,
> so if you were using the same password for all your accounts then this
> might happen. Otherwise it's pretty hard to believe. That new
> connection is to a new backend; there's no way for it to know that you
> were previously connected.
>
> Offhand I think it would be a good idea for psql to insist on a new
> password if the \connect command gives a new user name...

Ok, phew...

matt=> \c wwwdata wwwdata
Password authentication failed for user 'wwwdata'
Previous connection kept
matt=>

This would infer though that the passwd data is cached within each instance of psql, which could present its own set of security risks. I would think that it should probably be *forgotten* after authentication is established and required on any new \connect. This might present some issues with pg_dump etc. I guess though.

Matt.
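As an added example, not part of the original message and not psql or PostgreSQL source code, the following Python model contrasts the two client-side policies discussed in the thread: a client that remembers the first password it was given and auto-supplies it to every later \connect, and a client that uses the password once and then forgets it, prompting again on every \connect. The Server class, the user names "matt" and "wwwdata", and the passwords are constructed for the illustration; the salted-hash check is only there to make authentication meaningful in the model and does not reproduce PostgreSQL's own scheme.

```python
import hashlib
import hmac
import os


class Server:
    """Constructed stand-in for the backend's password check (not PostgreSQL's
    scheme): passwords are stored salted and hashed, compared in constant time."""

    def __init__(self, creds):
        self._users = {}
        for user, password in creds.items():
            salt = os.urandom(8)
            self._users[user] = (salt, self._digest(salt, password))

    @staticmethod
    def _digest(salt, password):
        return hashlib.sha256(salt + password.encode()).digest()

    def authenticate(self, user, password):
        rec = self._users.get(user)
        if rec is None:
            return False
        salt, stored = rec
        return hmac.compare_digest(self._digest(salt, password), stored)


class CachingClient:
    """Models the behaviour described in the thread: the password typed for the
    first connection is kept for the whole session and auto-supplied to every
    later \\connect, whatever user name that \\connect names."""

    def __init__(self, server, prompt):
        self.server = server
        self.prompt = prompt          # callable(user) -> password typed by the person
        self.cached_password = None
        self.user = None              # user of the current (kept) connection

    def connect(self, user):
        password = self.cached_password
        if password is None:
            password = self.prompt(user)
        if not self.server.authenticate(user, password):
            return False              # "Previous connection kept"
        self.cached_password = password
        self.user = user
        return True


class ForgettingClient:
    """Models the policy Matt proposes: the password is used once to establish
    the connection and then dropped, so every \\connect prompts again and the
    client holds nothing that could be reused for another user."""

    def __init__(self, server, prompt):
        self.server = server
        self.prompt = prompt
        self.user = None

    def connect(self, user):
        password = self.prompt(user)
        ok = self.server.authenticate(user, password)
        del password                  # nothing retained between connections
        if ok:
            self.user = user
        return ok


def run_session(client_cls, creds):
    """Drive a client through '\\c matt' then '\\c wwwdata' against a server
    holding `creds` (user -> password), with the person at the keyboard typing
    the correct password whenever prompted. Returns the user the client ends
    up connected as and the list of users it actually prompted for."""
    prompted = []

    def prompt(user):
        prompted.append(user)
        return creds[user]

    client = client_cls(Server(creds), prompt)
    client.connect("matt")
    client.connect("wwwdata")
    return client.user, prompted


if __name__ == "__main__":
    distinct = {"matt": "matt-secret", "wwwdata": "www-secret"}  # constructed
    shared = {"matt": "same-secret", "wwwdata": "same-secret"}   # constructed
    for name, cls in (("caching", CachingClient), ("forgetting", ForgettingClient)):
        print(name, "distinct passwords:", run_session(cls, distinct))
        print(name, "shared password:   ", run_session(cls, shared))
```

With distinct passwords the caching client reproduces what Matt saw: the second \connect silently re-sends the first password, fails, and the previous connection is kept. With one password shared across both accounts, the same client switches to wwwdata without ever prompting, which is the case Tom Lane describes. The forgetting client prompts for every \connect in both cases, so a successful switch of user always requires that user's password to be entered.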