Another reason for mysql over postgresql
Niall Kavanagh
niall at kst.com
Thu May 4 10:08:59 EDT 2000
Date Reported: 4/23/2000
Vulnerability: postgresql-plaintext-passwords
Platforms Affected: PostgreSQL
Risk Factor: Medium
Attack Type: Host Based
PostgreSQL is an open-source relational database management system (DBMS)
that supports SQL constructs. The program stores its usernames and
passwords in plaintext format in a file called pg_shadow that is readable
by the postgres user and root. A local attacker can run strings on the
file to obtain database usernames and passwords.
Reference:
Bugtraq Mailing List: "Postgresql cleartext password storage" at:
http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000423220245.A2
--
Niall Kavanagh, niall at kst.com
News, articles, and resources for web professionals and developers:
http://www.kst.com
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list