Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Another reason for mysql over postgresql

Date Reported:          4/23/2000
Vulnerability:          postgresql-plaintext-passwords
Platforms Affected:     PostgreSQL
Risk Factor:            Medium
Attack Type:            Host Based

PostgreSQL is an open-source relational database management system (DBMS)
that supports SQL constructs. The program stores its usernames and
passwords in plaintext format in a file called pg_shadow that is readable
by the postgres user and root. A local attacker can run strings on the
file to obtain database usernames and passwords.

Bugtraq Mailing List: "Postgresql cleartext password storage" at:

Niall Kavanagh, niall at
News, articles, and resources for web professionals and developers:

Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at (Subject line is ignored).

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /