On 2006-04-15, "Peter van der Maas" <[EMAIL PROTECTED]> wrote: > Hello, > > Is it correct to assume that if a user has write permission to > \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash can be > replaced with one of a known origin in order to own the DB?
It's worse than that. If you can _read_ pg_auth, then you can log in as any user who has an MD5 password provided that pg_hba.conf allows md5 auth - the values stored in pg_auth (and pg_shadow) are password equivalents for the purposes of md5 auth. -- Andrew, Supernews http://www.supernews.com - individual and corporate NNTP services ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
