On 2006-04-15, "Peter van der Maas" <peter@xxxxxxxxxxxxxx> wrote: > Hello, > > Is it correct to assume that if a user has write permission to > \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash can be > replaced with one of a known origin in order to own the DB? It's worse than that. If you can _read_ pg_auth, then you can log in as any user who has an MD5 password provided that pg_hba.conf allows md5 auth - the values stored in pg_auth (and pg_shadow) are password equivalents for the purposes of md5 auth. -- Andrew, Supernews http://www.supernews.com - individual and corporate NNTP services
