Michael Glaesemann said:
>
> On Dec 12, 2005, at 20:33 , Peter Eisentraut wrote:
>
>> Michael Glaesemann wrote:
>>> I'm not familiar enough with the psql code to be able to tell, but is
>>> this secure? The pg_hba.conf on the new server is enforced, I assume?
>>
>> You don't need to be familiar with the psql code to know that it would
>> be pretty stupid if client programs could override the server
>> authentication setup.
>
> I'm sorry if I wasn't clear. My point was I'm not familiar enough
> with the code to see if this implementation is secure. I do indeed
> realize that clients bypassing server authentication is a Bad Thing.
>
The patch is to the client only, not even to libpq, so of course no auth
bypass is involved.
cheers
andrew