Tom Lane wrote:
Being able to edit postgresql.conf gives one the ability to become postgres (hint: you can cause the backend to load a shlib of your choosing, or even more trivially, adjust pg_hba.conf to let you in as superuser), so the above distinction is unenforceable.
And can't we now even point to a completely different location for the actual data, as well as the rest of the config? I'd hate to think of someone changing that out from under me.
cheers
andrew
---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
