Bill Moran wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> wrote:
>
> > Chris Ochs wrote:
> > >
> > > What if SET SESSION AUTHORIZATION could also accept a password so that non
> > > superusers could switch to a different user? How difficult would this be?
> >
> > Well, the password would go over the wire unencrypted, causing a
> > security problem.
>
> Only if encrypted transport is not enabled. With encrypted transport, it would
> be as secure as anything else, right?
>
> Perhaps, it could only be available if transmission encryption is enabled? Then
> again, there's a certain amount of "only the user can shoot his own foot" that
> has to be accepted ...
>
> Just thinking out loud ...
Yes, if you use SSH it is secure, but do we want clauses that are only
useful in SSH mode?
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
