"Viorel Dragomir" <bc(at)vio(dot)ro> writes:
> But this is not really a problem because apache doesn't have any grants on
> database.
> It launches a script that connects to db with a diff username [each username
> has a unique password].
> So if it has only one password on .pgpass only one user can log in.
Not so at all. Read the documentation about .pgpass.
http://www.postgresql.org/docs/view.php?version=7.3&idoc=0&file=libpq-files.html
regards, tom lane