Patch applied. Thanks Tatsuo and Tom.
> Tatsuo Ishii <[EMAIL PROTECTED]> writes: > > As you can see, psql reconnect as any user if the password is same as > > foo. Of course this is due to the careless password setting, but I > > think it's better to prompt ANY TIME the user tries to switch to > > another user. Comments? > > Yeah, I agree. Looks like a simple change in dbconnect(): > > /* > * Use old password if no new one given (if you didn't have an old > * one, fine) > */ > if (!pwparam && oldconn) > pwparam = PQpass(oldconn); > > to > > /* > * Use old password (if any) if no new one given and we are > * reconnecting as same user > */ > if (!pwparam && oldconn && PQuser(oldconn) && userparam && > strcmp(PQuser(oldconn), userparam) == 0) > pwparam = PQpass(oldconn); > > regards, tom lane > > ---------------------------(end of broadcast)--------------------------- > TIP 3: if posting/reading through Usenet, please send an appropriate > subscribe-nomail command to [EMAIL PROTECTED] so that your > message can get through to the mailing list cleanly > -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]