Tom Lane <[EMAIL PROTECTED]> writes: > Arcady Genkin <[EMAIL PROTECTED]> writes: > > Tom Lane <[EMAIL PROTECTED]> writes: > >> Offhand I'd think it foolish to make it easier to get into the > >> superuser account than regular accounts anyway. > > > Not so much if the database only listens on unix domain socket, which > > has tight permissions, and a UNIX user has to identify himself with a > > valid password anyways. > > So? If you can trust local connections from the user who is superuser > to be correctly authenticated, then you can also trust local connections > from the users who are non-superusers. I really completely fail to see > the point of requiring a password to connect to non-critical accounts > while having no password (*LESS* security) for the critical superuser > account.
Suppose that one of the non-superusers accounts is user `apache'. There is a higher chance that this user account is compromised, than the `postgres' account. I can see your point, though. -- Arcady Genkin ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org