Thread: Re: [HACKERS] psql and security

Re: [HACKERS] psql and security

From: "Colin 't Hart"
Tatsuo Ishii:

> As you can see, psql reconnects as any user if the password is the same as
> foo. Of course this is due to the careless password setting, but I
> think it's better to prompt ANY TIME the user tries to switch to
> another user. Comments?

Does postgres have a concept of a 'root' user? Then the password should
only be prompted when one isn't root; i.e. adopt Unix semantics.


Cheers,

Colin



Re: [HACKERS] psql and security

From: Tom Lane
"Colin 't Hart" <cthart@yahoo.com> writes:
> Does postgres have a concept of a 'root' user? Then the password should
> only be prompted when one isn't root; i.e. adopt Unix semantics.

Can't really do that in psql's \c, since it's establishing a whole new
connection; there is no possibility for superuserness on the old
connection to provide any relaxation of the check.

However, see SET SESSION AUTHORIZATION, which does what you're thinking
of within the context of a single connection.

            regards, tom lane
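
The difference between reconnecting with `\c` and switching identity inside one connection with SET SESSION AUTHORIZATION, as an added example that is not part of the original thread. It assumes a current PostgreSQL release and a psql session opened as a superuser; the role names and passwords are constructed for illustration.

```sql
-- Hypothetical roles; the passwords are constructed sample values.
CREATE ROLE app_alice LOGIN PASSWORD 'constructed-example-1';
CREATE ROLE app_bob   LOGIN PASSWORD 'constructed-example-2';

-- Same connection, no new authentication step. This is permitted only
-- because the user who authenticated this connection is a superuser.
SET SESSION AUTHORIZATION 'app_alice';
SELECT session_user, current_user;   -- both now report app_alice

-- Privilege checks are made as app_alice from here on, so an action
-- that needs CREATEROLE or superuser rights is refused.
CREATE ROLE should_fail;             -- rejected with a permission error

-- The originally authenticated superuser can always switch back.
RESET SESSION AUTHORIZATION;
SELECT session_user, current_user;   -- both report the superuser again

-- Contrast with psql's \c: "\c - app_alice" opens a brand-new connection,
-- so the server authenticates app_alice from scratch and nothing about
-- the old connection's superuser status carries over. In that new,
-- non-superuser connection the switch below is refused:
--   SET SESSION AUTHORIZATION 'app_bob';   -- permission error

-- Clean up the example roles.
DROP ROLE app_alice, app_bob;
```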