Noah Misch <noah(at)leadboat(dot)com> writes:
> Let installcheck-world pass against a server requiring a password.
> Give passwords to each user created in support of an ECPG connection
> test case. Use SET SESSION AUTHORIZATION, not a fresh connection, to
> reduce privileges during a dblink test case.
Hm ... is this reasonably secure? It seems like it's creating user
accounts with well-known passwords. The accounts might not be there
for long, but still, I'm not sure I'd care to run this against an
installed server on a machine with hostile users present.
(The problem might have been there even before your patch, but that
doesn't mean it's not a problem.)
regards, tom lane