I can connect to the database with a valid username
and with a false password. Why ? I think it isn't a wery good solution,
because knowing the administrator's username will give all access to
everybody.
Regards,
Csaba Erdei
Csaba Erdei ([EMAIL PROTECTED]) reports a bug with a severity of 2
The lower the number the more severe it is.
Short Description
Security problem in psql frontends
Long Description
I can connect to the database with a valid username and with a false password. Why ?
I think it isn't a wery good
Thomas Lockhart wrote:
>
> Because of the common and documented cutoff date (1970 currently, 1950
> in some other apps) used to solve this problem.
Most database software I have seen uses some form of setting to control
the actual date used here, and that is the most long-term solution.
somethi
> I don't worry, we have to_char/date already better than original
> Oracle's to_char() :-)
:)
Yes, and you'll find that the code will settle down and need very little
attention from here on. Our other date/time code has been around for 3
or 4 years now, and goes months without anyone even aski
currently use 1970 as the transition for centuries with two digit years
> (I did this as a nod to Unix) but I believe it is more common to use
> 1950 as the transition year. I don't feel a need to move to this more
> common convention, but would be willing to do so if others see
