Bruno Wolff III <bruno@wolff.to> writes:
> nolan@celery.tssi.com wrote:
>> I could see some merit to a 'LOCK' option on the alter user command, so that
>> the password can only be changed by a superuser.
> That would only be useful if the account was shared, which is normally a bad
> idea.
It'd seem to me that once a bad guy has gotten into your database,
whether he can change a password is the least of your worries.
The people you'd really want to be afraid of would not call attention
to their breakin by doing anything as blatantly obvious as that, anyway.
In short, I don't see any value in a password lock option either.
And ISTM anyplace that used it would be getting in the way of good
password management practice. Users *should* be encouraged to change
their own passwords, and to do so regularly.
regards, tom lane