On 2006-04-15, "Peter van der Maas" <peter@abitogroup.com> wrote:
> Hello,
>
> Is it correct to assume that if a user has write permission to
> \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash can be
> replaced with one of a known origin in order to own the DB?
It's worse than that. If you can _read_ pg_auth, then you can log in as
any user who has an MD5 password provided that pg_hba.conf allows md5
auth - the values stored in pg_auth (and pg_shadow) are password equivalents
for the purposes of md5 auth.
--
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services