Andres Freund <and...@anarazel.de> writes:
> ... We don't prevent the user from making the
> configuration file world-writable either,
Maybe we should. It wasn't an issue originally, because the config files
were necessarily inside $PGDATA which we restrict permissions on. But
these days you can place the config files in places where untrustworthy
people could get at them.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
