Magnus Hagander <[email protected]> writes:
> 2009/10/19 Tom Lane <[email protected]>:
>> Now we have a user with name equal to password, which no sane security
>> policy will think is a good thing, but the plugin had no chance to
>> prevent it.
> The big difference is that you need to be superuser to change the name
> of a user, but not to change your own password.
True, but the superuser doesn't necessarily know what the user has
set his password to.
regards, tom lane
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
