Am 10.03.2012 16:21, schrieb c k:
> It we can disable the TRUST mode then every user have to login with
> password and every fraud user have to know the password (at least) of
> the user. It is not the case that users from other departments share
> their passwords, but fraud users just bypasses the need to know the
> password.
If they can alter pg_hba.conf they can almost certainly also change/add
users, alter passwords, etc, etc... So from a security perspective it
doesn't buy you much.
I don't know if you could build a custom postgresql from sources with
trust disabled. But it wouldn't be worth the trouble imo.
Jan