From 78f7ba13cbb912ff47fe1bd7b0f1d0796132f87f Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Thu, 11 Oct 2001 16:54:18 +0000
Subject: [PATCH] Tatsuo Ishii <t-ishii@sra.co.jp> writes: > As you can see,
 psql reconnect as any user if the password is same as > foo. Of course this
 is due to the careless password setting, but I > think it's better to prompt
 ANY TIME the user tries to switch to > another user. Comments?

Yeah, I agree.  Looks like a simple change in dbconnect():

    /*
     * Use old password if no new one given (if you didn't have an old
     * one, fine)
     */
    if (!pwparam && oldconn)
        pwparam = PQpass(oldconn);

to

    /*
     * Use old password (if any) if no new one given and we are
     * reconnecting as same user
     */
    if (!pwparam && oldconn && PQuser(oldconn) && userparam &&
        strcmp(PQuser(oldconn), userparam) == 0)
        pwparam = PQpass(oldconn);

                        regards, tom lane
---
 src/bin/psql/command.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
index 10c28d7bfdc..b6f8be54e86 100644
--- a/src/bin/psql/command.c
+++ b/src/bin/psql/command.c
@@ -3,7 +3,7 @@
  *
  * Copyright 2000 by PostgreSQL Global Development Group
  *
- * $Header: /cvsroot/pgsql/src/bin/psql/command.c,v 1.59 2001/10/05 19:01:13 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/bin/psql/command.c,v 1.60 2001/10/11 16:54:18 momjian Exp $
  */
 #include "postgres_fe.h"
 #include "command.h"
@@ -1287,7 +1287,8 @@ do_connect(const char *new_dbname, const char *new_user)
 	 * Use old password if no new one given (if you didn't have an old
 	 * one, fine)
 	 */
-	if (!pwparam && oldconn)
+	if (!pwparam && oldconn && PQuser(oldconn) && userparam &&
+		strcmp(PQuser(oldconn), userparam) == 0)
 		pwparam = PQpass(oldconn);
 
 	do
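Review bot: The comment kept as context directly above the new condition still reads "Use old password if no new one given (if you didn't have an old one, fine)", which no longer matches the code: the stored password is now reused only when the requested user name equals the old connection's user. The commit message already proposes the replacement wording, so the comment should become `* Use old password (if any) if no new one given and we are` / `* reconnecting as same user`. That comment is the only in-code statement of the rule that a cached password must not be silently offered for a different account, so it should stay accurate. do_connect's body begins and ends outside this hunk, so how `userparam` is derived when `new_user` is NULL is not visible here. It is worth confirming that it falls back to the old user name, because otherwise a same-user reconnect would now skip the stored password.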
-- 
GitLab