On Fri, Jan 19, 2007 at 09:31:49AM +0100, Bertram Scharpf wrote: > Hi, > > looking at the source code I find out that this works: <snip> > May I rely on this in future versions or are there more > sophisticated ways to do it? Umm, how much more sophisticated do you want? It's more sophicticated than a standard UNIX password file, for example. For password authentication the server either needs to be able to verify the password supplied by the user, and you have the same information the server does, so you can do it too. Only superusers have access to pg_authid anyway, and they can already login as anybody. If you don't like it, don't use password authentication, there are a number of other methods. Have a nice day, -- Martijn van Oosterhout <kleptog@xxxxxxxxx> http://svana.org/kleptog/ > From each according to his ability. To each according to his ability to litigate.
Attachment:
signature.asc
Description: Digital signature
