Andres Freund <[email protected]> writes:
> ... We don't prevent the user from making the
> configuration file world-writable either,
Maybe we should. It wasn't an issue originally, because the config files
were necessarily inside $PGDATA which we restrict permissions on. But
these days you can place the config files in places where untrustworthy
people could get at them.
regards, tom lane
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
