Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Another reason for mysql over postgresql



Date Reported:          4/23/2000
Vulnerability:          postgresql-plaintext-passwords
Platforms Affected:     PostgreSQL
Risk Factor:            Medium
Attack Type:            Host Based

PostgreSQL is an open-source relational database management system (DBMS)
that supports SQL constructs. The program stores its usernames and
passwords in plaintext format in a file called pg_shadow that is readable
by the postgres user and root. A local attacker can run strings on the
file to obtain database usernames and passwords.

Reference:
Bugtraq Mailing List: "Postgresql cleartext password storage" at:
http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000423220245.A2


--
Niall Kavanagh, niall at kst.com
News, articles, and resources for web professionals and developers:
http://www.kst.com

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org