Hi, Don't think this made it the first time... Thanks, Andrew ---------- Forwarded message ---------- Date: Sat, 26 Aug 2000 15:45:55 +1000 (EST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Local Users "su'ing" Hi, I'm running postgresql 7.0.2 under FreeBSD 4.1-STABLE. If a user runs pgsql from the command line and then types \c - <user> they can connect to the database with the priveleges of <user>. No password is required, presumably because of the line in pg_hba.conf: local all trust Great fun for someone who su's to pgsql... A couple of questions... 1) This seems to be an odd default behaviour. Should it be documented fairly clearly somewhere (perhaps it is but I missed it) or should the default pg_hba.conf require passwords? 2) Is it possible to not require passwords if the local user connects to postgres as a postgres user of the same name but require a password in all other circumstances? Thanks, Andrew
