"Scott Gammans" <nospam_deepgloat@yahoo.com> writes:
> What is to stop a company that is hosting my
> PostgreSQL-enabled website from changing my
> pg_hba.conf file to "TRUST" so that they can go in and
> snoop around my online PostgreSQL databases?
If they have root on the machine running your DBMS, then only their own
integrity stops them from snooping all they want. There is NOTHING that
Postgres can possibly do to defend itself against a root user. "TRUST"
is the least of your worries --- they can alway just examine the
physical files holding the database.
regards, tom lane