psql runs only from the server, while pgAdmin (which is a standard installation in PostgreSQL for Windows) is easily installed on any client.

In a network with several different projects & many databases that require dozens of superusers, pg_hba could provide the required access control. In this bug, when one superuser password is compromised, then all databases can be dropped from any client using pgAdmin. IMO this is a major security problem in the pgAdmin software.

Regards,
Mudy

2010/7/29 Guillaume Lelarge <guilla...@lelarge.info>

> On 29/07/2010 07:34, Mudy Situmorang wrote:
> > Superuser without pg_hba could drop database from client at pgAdminIII
> > Object browser by left click & Delete/Drop.
> >
> > User has superuser rights, but no pg_hba connection entry for the host.
> >
> > There are warnings on left click, twice:
> > An error has occured:
> > FATAL: no pg_hba.conf entry for host "172.17.0.8", user "tempuser", database "testdatabase", SSL on
> > FATAL: no pg_hba.conf entry for host "172.17.0.8", user "tempuser", database "testdatabase", SSL off
> >
> > Then the context menu appears, click Delete/Drop, Yes on confirmation.
> >
> > The database is gone.
> >
> >
> > pgAdminIII at client:
> > Windows XP
> > pgAdminIII 1.10.3 (from PostgreSQL 8.4 windows package)
> >
> >
> > PostgreSQL 8.4 server:
> > Ubuntu 10.04
> >
> >
> > I think it is very dangerous.
> >
>
> This is not an issue with pgAdmin. You can do the same with psql.
>
> BTW, pg_hba.conf file controls who has the right to connect to one
> database or another, not the rights users have on objects. To drop a
> database, you need to be its owner or a superuser, and you need that
> no one is connected to this database. It has nothing to do with the fact
> that you are allowed to connect to it.
>
>
> --
> Guillaume
> http://www.postgresql.fr
> http://dalibo.com
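
The distinction drawn in the reply above, as an added example that is not part of the original thread: a simplified first-match evaluator for pg_hba.conf `host` records, used to audit which databases a role can reach from a given client. The pg_hba.conf contents, the `appuser` role and all function names are constructed assumptions; only CIDR addresses and literal or `all` database/user names are handled.

```python
import ipaddress

# Constructed pg_hba.conf (assumption: the thread does not show the server's file).
SAMPLE_HBA = """\
# TYPE   DATABASE      USER     ADDRESS         METHOD
host     postgres      all      172.17.0.0/16   md5
host     testdatabase  appuser  172.17.0.0/16   md5
host     all           all      10.0.0.0/8      reject
"""

def parse_hba(text):
    """Return host-type records in file order (simplified parser)."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] in ("host", "hostssl", "hostnossl"):
            ctype, dbs, users, addr, method = fields[:5]
            rules.append((ctype, dbs.split(","), users.split(","),
                          ipaddress.ip_network(addr), method))
    return rules

def auth_method(rules, database, user, client_ip, ssl=True):
    """First matching record wins; None models 'no pg_hba.conf entry'."""
    ip = ipaddress.ip_address(client_ip)
    for ctype, dbs, users, net, method in rules:
        if (ctype == "hostssl" and not ssl) or (ctype == "hostnossl" and ssl):
            continue
        if ("all" in dbs or database in dbs) and ("all" in users or user in users) and ip in net:
            return method
    return None

def reachable_databases(rules, databases, user, client_ip):
    """Databases this role may open a session to from this client."""
    methods = {db: auth_method(rules, db, user, client_ip) for db in databases}
    return [db for db, m in methods.items() if m not in (None, "reject")]

def drop_exposed(rules, databases, target, user, client_ip, is_superuser):
    """DROP DATABASE is issued from a session on a different database, so the
    hba records for the target are never consulted. Exposure needs superuser
    rights (ownership is not modelled here) plus any other reachable database;
    the server still refuses while sessions are open on the target."""
    others = [d for d in reachable_databases(rules, databases, user, client_ip) if d != target]
    return is_superuser and bool(others)

RULES = parse_hba(SAMPLE_HBA)
```

With this constructed file, `tempuser` at 172.17.0.8 has no entry for `testdatabase` but is admitted to `postgres`, which is enough for a superuser to drop `testdatabase`; closing that path means restricting the role's records for every database or removing its superuser attribute.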