Bruce Momjian <pgman@candle.pha.pa.us> wrote:
> Chris Ochs wrote:
> >
> > What if SET SESSION AUTHORIZATION could also accept a password so that non
> > superusers could switch to a different user? How difficult would this be?
>
> Well, the password would go over the wire unencrypted, causing a
> security problem.
Only if encrypted transport is not enabled. With encrypted transport, it would
be as secure as anything else, right?
Perhaps, it could only be available if transmission encryption is enabled? Then
again, there's a certain amount of "only the user can shoot his own foot" that
has to be accepted ...
Just thinking out loud ...
--
Bill Moran
Potential Technologies
http://www.potentialtech.com