Tom Lane wrote: > To put that more clearly: if the point is to keep the user's > cleartext password out of the hands of the DBA, then the user has > already blown it by sending the password in cleartext in the first > place. An untrustworthy DBA could trivially insert code into CREATE > USER to log the original password in a place of his choosing.
With SELinux or similar systems, it might be the case that the DBA could not change or insert any code but could configure and read the server logs. But this is admittedly a rare case currently. -- Peter Eisentraut http://developer.postgresql.org/~petere/ ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
