The following bug has been logged online:

Bug reference:      1001
Logged by:          Alan W. Irwin
Email address:      [EMAIL PROTECTED]
PostgreSQL version: 7.4
Operating system:   Debian stable (Linux)
Description:        Inconsistent authentication between psql and PQconnectdb - 
possible security implications? 
Details: 

I use "ident sameuser" authentication.  Here are the relevant details from pg_hba.conf.

local   all         all                                             ident sameuser
host    all         all         127.0.0.1         255.255.255.255   ident sameuser
host    all         all         0.0.0.0           0.0.0.0           reject

All is well with psql authentication.  However, when I tried to
use knoda/hk_classes to access the database, I could not get authenticated.  A typical 
error message was IDENT authentication failed for user "irwin".  When I traced this 
down through the hk_classes code it was using PQconnectdb to connect to the database, 
and there were complaints in the postgresql log that the identd server was not 
available.  All knoda/hk_classes/PQconnectdb problems disappeared when I installed 
identd (apt-get install pidentd) on my Debian stable system.  So all seems well when 
identd is installed, but there may be a security concern with psql when it is not.  On 
the other hand, if psql is actually secure when identd is not running, then why isn't 
PQconnectdb using the exact same (secure) method of authentication for this case?

Note, this authentication inconsistency between psql and PQconnectdb in the absence 
of an identd server occurs both for a postgresql-7.4 version that I built and 
installed myself and also for the Debian stable version (7.2.1-2woody4) of postgresql.
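
Added example (not part of the original report, and not PostgreSQL or hk_classes code): a small matcher that applies the first-match rule to the three pg_hba.conf records quoted above, to show which record a connection is checked against. It assumes, which the report does not state, that the failing client connected over TCP to 127.0.0.1 while psql used the Unix-domain socket; on a "local" record ident takes the peer's identity from the kernel (SO_PEERCRED on Linux), while on a "host" record the server queries an ident daemon on the client host.

```python
import ipaddress

# The three records quoted in the report (7.4-style address + netmask columns).
PG_HBA = """\
local   all         all                                             ident sameuser
host    all         all         127.0.0.1         255.255.255.255   ident sameuser
host    all         all         0.0.0.0           0.0.0.0           reject
"""


def parse_hba(text):
    """Parse local/host records into dicts, preserving file order.

    Database and user columns are ignored because every record here says "all".
    """
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":
            records.append({"type": "local", "net": None,
                            "method": " ".join(fields[3:])})
        elif fields[0] == "host":
            net = ipaddress.ip_network(f"{fields[3]}/{fields[4]}", strict=False)
            records.append({"type": "host", "net": net,
                            "method": " ".join(fields[5:])})
    return records


def match(records, client_addr=None):
    """Return (record type, method) of the first matching record.

    client_addr=None models a Unix-domain socket connection; a string models
    a TCP connection from that IPv4 address. (None, None) means no record
    matched, which the server treats as access denied.
    """
    for rec in records:
        if client_addr is None and rec["type"] == "local":
            return rec["type"], rec["method"]
        if (client_addr is not None and rec["type"] == "host"
                and ipaddress.ip_address(client_addr) in rec["net"]):
            return rec["type"], rec["method"]
    return None, None


if __name__ == "__main__":
    recs = parse_hba(PG_HBA)
    # Constructed sample connections: socket, loopback TCP, and a remote address.
    for label, addr in [("unix socket", None), ("tcp 127.0.0.1", "127.0.0.1"),
                        ("tcp 192.0.2.10", "192.0.2.10")]:
        print(f"{label:15} -> {match(recs, addr)}")
```

Both loopback paths resolve to "ident sameuser", but only the "host" record depends on an ident daemon being reachable, which is consistent with the log complaint described in the report.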

