Superuser without pg_hba could drop database from client at pgAdminIII
Object browser by left click & Delete/Drop.
User has superuser rights, but no pg_hba connection entry for the host.
There are warnings on left click, twice:
An error has occured:
FATAL: no pg_hba.conf entry for host "172.17.0.
this bug, when one superuser password compromised, then all database can
be dropped from any clients using pgAdmin.
IMO this is a major security problem on pgAdmin software.
Regards,
Mudy
2010/7/29 Guillaume Lelarge
> Le 29/07/2010 07:34, Mudy Situmorang a écrit :
> > Superuser w
Ok, Thanks for the answer.
2010/7/29 Guillaume Lelarge
> Le 29/07/2010 09:15, Mudy Situmorang a écrit :
> > psql runs only from the server, while pgAdmin (which is a standard
> > installation in PostgerSQL for windows) easily installed in any clients.
> >
>
> Wrong.
