Re: [HACKERS] how to keep/lock/ hide pg_hba.conf ?

2011-04-11 Thread Jaime Casanova
On Mon, Apr 11, 2011 at 9:35 AM, john.cheng neoart.hi...@msa.hinet.net wrote: I found that,if user modified the pg_hba.conf, modified the METHODfield from md5 to password if it's a client/server app the user shouldn't have access to the server, so how could him to make the change? Also the

Re: [HACKERS] how to keep/lock/ hide pg_hba.conf ?

2011-04-11 Thread Peter Eisentraut
On mån, 2011-04-11 at 07:35 -0700, john.cheng wrote: I found that,if user modified the pg_hba.conf, modified the METHODfield from md5 to password then,user can find out the password by some the TCP/IP peep tool Don't do that then. Are you concerned that your users would do this? Well, if you