Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens up databases for anyone! - Mailing list pgsql-hackers

Bruce Momjian <pgman@candle.pha.pa.us> writes:
> ... But because we are Internet-enabled,
> and because our insecurity is only local, it seems OK to people.

It's not that it's "okay", it's that we haven't got any good
alternatives.  Password auth sucks from a convenience point of view
(or even from a possibility point of view, for scripts; don't forget
the changes that you yourself recently applied to guarantee that a
script *cannot* supply a password to psql).  Ident auth doesn't work,
or isn't secure, in a lot of cases.  Kerberos, well, not a lot to
offer there either.  What else do you want to make the default?
        regards, tom lane