Joe Conway <mail@joeconway.com> writes:
> What about using the attached for 8.3, as well as earlier?
> It simply does not allow the local database user to become someone else
> on the libpq remote connection unless they are a superuser.
This assumes that usernames on the remote site are equivalent to those
locally. Which is helpful for the sort of local-loop scenarios we've
been thinking about, but is hardly watertight even then (consider
multiple postmasters on one machine). For remote connections it seems
counterproductive; you might as well say "you must be superuser" and
keep it simple.
regards, tom lane