Hello, Is it correct to assume that if a user has write permission to \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash can be replaced with one of a known origin in order to own the DB? I do practice as noted in the Win FAQ, just want to make sure I am not missing something: "If you are running PostgreSQL on a multi-user system, you should remove the permissions from all non-administrative users from the PostgreSQL directories. No user ever needs permissions on the PostgreSQL files - all communication is done through the libpq connection. Direct access to data files can lead to information disclosure or system instability!" Thanks in advance for any input, Peter van der Maas
