Re: db_user_namespace a "temporary measure"

Magnus Hagander <magnus@hagander.net> writes:
> On Wed, Mar 12, 2014 at 3:52 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> A local user with the superuser privilege would not be able to log into
>> another database, because superuser doesn't give you any extra privilege
>> until you've logged in.
>> 
>> Yeah, as superuser you could still break things as much as you pleased,
>> but not through SQL.

> You could COPY over the hba file or sometihng like that :)  Or just
> pg_read_binary_file() on the files in another database, which is accessible
> through SQL as well.

More directly, he could alter pg_authid to make himself a not-local user.
But I don't see that it's our responsibility to prevent that.  As long as
the combination of features works in a straightforward way, I'm happy
with it --- and it would, AFAICS.
        regards, tom lane