Re: You're on SecurityFocus.com for the cleartext passwords. - Mailing list pgsql-hackers

From Tom Lane
Subject Re: You're on SecurityFocus.com for the cleartext passwords.
Date
Msg-id 17415.957681174@sss.pgh.pa.us
In response to Re: You're on SecurityFocus.com for the cleartext passwords.  ("Robert B. Easter" <reaster@comptechnews.com>)
List pgsql-hackers

"Robert B. Easter" <reaster@comptechnews.com> writes:
> I'd say under the scheme proposed, you really have to trust your dba
> and change your password frequently.  Anyone with access to the hashes
> can login as you and make you look bad.

Again, what's your point?  The dbadmin can do whatever he wants *inside
the database*, including altering data that you might nominally be
responsible for.  He doesn't need your password for that, any more than
your local Unix sysadmin needs anything but root privileges to alter
your files.

The point of this change is to make sure that the dbadmin can't get
at your cleartext password, which might allow him to pose as you for
non-database purposes (if you are so foolish as to use that same
cleartext password for non-database purposes).
        regards, tom lane

