Tony Caduto wrote:
I had installed the win32 version awhile ago, but I had the pg_hba.conf
set to trust. Then I started to test SSL on win32 so I changed it to this:
host all all 127.0.0.1/32 md5
host all all 192.168.15.131/32 md5 #my pcs adddress
And I ensured the service had been restarted after making the change to
md5 instead of trust for my PC address.
Ok, here is the problem, If I pass in a blank password '' the md5
authentication is not done and I simply go right in with full access.
If I pass in a space ' ' the I get the password authentication error.
Normally with a blank password I would expect to see the no password
supplied error, but that is not happening on win32 it just gives full
blown access.
Here is the connect string being passed to libpq.dll when I use the
blank password, this string is captured from the debugger:
hostaddr='10.201.170.131' port='5432' dbname='template1' user='postgres'
password='' connect_timeout='15' sslmode=disable
I tried the same thing on a Linux server and it does not behave this
way, only on win32.
I then uninstalled 8.2.1 on the win32 box and completely deleted the
data directory and reinstalled and the same behavior prevailed.
I know a new connect GRANT was enabled in 8.2, but I though that was in
addition to the first checks done in pg_hba.conf.
Maybe I am doing something wrong, but it sure doesn't seem that way.
Like I said it "might" be a bug.
Question, I hope stupid, postgres user HAS a password right?