Noah Misch <[email protected]> writes:
> Let installcheck-world pass against a server requiring a password.
> Give passwords to each user created in support of an ECPG connection
> test case. Use SET SESSION AUTHORIZATION, not a fresh connection, to
> reduce privileges during a dblink test case.
Hm ... is this reasonably secure? It seems like it's creating user
accounts with well-known passwords. The accounts might not be there
for long, but still, I'm not sure I'd care to run this against an
installed server on a machine with hostile users present.
(The problem might have been there even before your patch, but that
doesn't mean it's not a problem.)
regards, tom lane
--
Sent via pgsql-committers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers
