Robert Treat <[EMAIL PROTECTED]> writes: > Did you mean s/trust/ident/g, otherwise I don't think I understand the > above...
Both trust and ident local auth are sources of risk for this, although ident is particularly nasty since the DBA probably thinks he's being secure. For that matter, I'm not sure that *any* auth method except password offers much security against the problem; don't LDAP and Kerberos likewise rely mostly on process-level identity? And possibly PAM depending on which PAM plugin you're using? I'm not sure whether this is something to back-patch, though, since a back-patch will accomplish zero for existing installations. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster