On Tue, 12 Aug 2003, Andrew Dunstan wrote:
>
> (Thought triggered by something Tom said the other day)
>
> Is this a security hole? Looks like one to me. Would it be better to use
> a sequence generator for sysids instead of using max+1 on the user
> table? Or else store the last sysid used somewhere?
This issue has been discussed before and it was agreed that since most
UNIX systems will behave in the same way, there's no way to know. Also, it
is not possible for a given database to know the max(sysid) of pg_user in
another database.
Thanks,
Gavin