Hello,
Is it correct to assume that if a user has write permission to
\data\global\pg_auth on a Win32 machine, the superuser's MD5 hash can be
replaced with one of a known origin in order to own the DB?
I do practice as noted in the Win FAQ, just want to make sure I am not
missing something:
"If you are running PostgreSQL on a multi-user system, you should remove
the permissions from all non-administrative users from the PostgreSQL
directories. No user ever needs permissions on the PostgreSQL files -
all communication is done through the libpq connection. Direct access to
data files can lead to information disclosure or system instability!"
Thanks in advance for any input,
Peter van der Maas
