Magnus Hagander <magnus@hagander.net> writes:
> On Wed, Mar 12, 2014 at 3:52 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> A local user with the superuser privilege would not be able to log into
>> another database, because superuser doesn't give you any extra privilege
>> until you've logged in.
>>
>> Yeah, as superuser you could still break things as much as you pleased,
>> but not through SQL.
> You could COPY over the hba file or sometihng like that :) Or just
> pg_read_binary_file() on the files in another database, which is accessible
> through SQL as well.
More directly, he could alter pg_authid to make himself a not-local user.
But I don't see that it's our responsibility to prevent that. As long as
the combination of features works in a straightforward way, I'm happy
with it --- and it would, AFAICS.
regards, tom lane