Magnus Hagander <mag...@hagander.net> writes:
> 2009/10/19 Tom Lane <t...@sss.pgh.pa.us>:
>> Now we have a user with name equal to password, which no sane security
>> policy will think is a good thing, but the plugin had no chance to
>> prevent it.
> The big difference is that you need to be superuser to change the name
> of a user, but not to change your own password.
True, but the superuser doesn't necessarily know what the user has
set his password to.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
