Steve Atkins <steve@xxxxxxxxxxx> writes: > On Apr 14, 2006, at 6:47 PM, Peter van der Maas wrote: >> Is it correct to assume that if a user has write permission to >> \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash >> can be replaced with one of a known origin in order to own the DB? > Probably. It'd be much easier to edit pg_hba.conf, though. Actually, if you have write permission on the $PGDATA tree, you *already* own the DB for every practical purpose. Focusing on passwords is silly. regards, tom lane
