On Wed, Jun 24, 2009 at 9:52 AM, Tom Lane <tgl@xxxxxxxxxxxxx> wrote:
> "Albe Laurenz" <laurenz.albe@xxxxxxxxxx> writes:
>> Robert Haas wrote:
>>> I don't think this is true. You can use SET SESSION AUTHORIZATION,
>>> right?
>
>> You are right, I overlooked that.
>> It is restricted to superusers though.
>
> That sort of thing is only workable if you have trustworthy client code
> that controls what queries the users can issue. If someone can send raw
> SQL commands then he just needs to do RESET SESSION AUTHORIZATION to
> become superuser.

Good point, although since the OP said it was a webapp, they probably
have control over that.

...Robert

--
Sent via pgsql-performance mailing list (pgsql-performance@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance