Steve Atkins <steve(at)blighty(dot)com> writes:
> On Apr 14, 2006, at 6:47 PM, Peter van der Maas wrote:
>> Is it correct to assume that if a user has write permission to
>> \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash
>> can be replaced with one of a known origin in order to own the DB?
> Probably. It'd be much easier to edit pg_hba.conf, though.
Actually, if you have write permission on the $PGDATA tree, you
*already* own the DB for every practical purpose. Focusing on passwords
is silly.
regards, tom lane