NEED SOME HELP on SECURING POSTGRESQL DATABASE

  • markanthonyermac
    New Member
    • Mar 2008
    • 2

    NEED SOME HELP on SECURING POSTGRESQL DATABASE

    Hi, I am an IT student here in the Philippines. Our final project for this semester is to make a system for our school museum.

    Our professor tested our authentication function.

    He was able to access the administrator's main page. He didn't sign up for an account as an administrator, but he just typed the following in our input fields.

    username : Administrator
    password: (I don't know what he wrote... it's long).

    What will I do in order for him not to go inside our system?
    What will I do? Thanks in advance.

    -Mark Anthony Ermac
  • JosAH
    Recognized Expert MVP
    • Mar 2007
    • 11453

    #2
    Change the password for the Administrator account and then ask your professor
    to break in again; he must've known the current password and is fooling you.

    kind regards,

    Jos


    • markanthonyermac
      New Member
      • Mar 2008
      • 2

      #3
      I've already initialized that only one account can sign up for the admin account, and I already signed up as "markanthonyermac".

      How come he was still able to break in?

      Is this a sort of hacking? lols.

      Or should I configure the "pg_hba.conf" file for postgres?

      Help me.

      Thanks.


      • sicarie
        Recognized Expert Specialist
        • Nov 2006
        • 4677

        #4
        Originally posted by markanthonyermac
        I've already initialized that only one account can sign up for the admin account, and I already signed up as "markanthonyermac".

        How come he was still able to break in?

        Is this a sort of hacking? lols.

        Or should I configure the "pg_hba.conf" file for postgres?

        Help me.

        Thanks.

        Is there a default admin account? Change the password on that. Also, fully update and patch the machine and the SQL software. Then run a sniffer like Wireshark while you are connecting and authenticating (unless this is local) and make sure you're not sending anything in cleartext. If it's local, make sure the account you give your professor is a limited user account (not admin).
