"Albe Laurenz" <laurenz.albe@xxxxxxxxxx> writes: > Robert Haas wrote: >> I don't think this is true. You can use SET SESSION AUTHORIZATION, >> right? > You are right, I overlooked that. > It is restricted to superusers though. That sort of thing is only workable if you have trustworthy client code that controls what queries the users can issue. If someone can send raw SQL commands then he just needs to do RESET SESSION AUTHORIZATION to become superuser. regards, tom lane -- Sent via pgsql-performance mailing list (pgsql-performance@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-performance
