Re: Security question: are these vulnerabilities addressed?
Douglas Allan Tutty <firstname.lastname@example.org> writes:
> On Sun, Jun 03, 2007 at 12:50:51AM -0400, Scott Gifford wrote:
>> Douglas Allan Tutty <email@example.com> writes:
>> > On Fri, Jun 01, 2007 at 12:07:23AM -0400, Scott Gifford wrote:
>> >> Postgres completely fell apart, and it took many hours to piece things
>> >> back together.
>> > Did you have a postgres dump just prior to the upgrade? In what way did
>> > it fall apart? What did you have to do to piece things back together;
>> > didn't restoring from the dump work?
>> The data was OK, but it lost all the user accounts. It's been a few
>> months now and my memory is a bit hazy, but IIRC, the format of the
>> Postgres password file changed between versions.
> I thought that a pg_dumpall would dump all the users with their
> passwords so that when the dump was run by the new version, the file
> would be created correctly from the data in the dump. I thought that
> was the whole reason for doing a pg_dump rather than just backing up the
> postgres home directory with it stopped.
I believe it dumped the passwords, but didn't upgrade them properly
when they were restored. I don't know exactly what happened, though,
unfortunately; I was too busy fixing things to keep detailed notes.