Re: Is "trust" really a good default? - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Is "trust" really a good default?
Date
Msg-id 15162.1089948458@sss.pgh.pa.us
Whole thread Raw
In response to Re: Is "trust" really a good default?  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-hackers
Peter Eisentraut <peter_e@gmx.net> writes:
> Tom Lane wrote:
>> There are of course some questions about how to document this
>> effectively, so that it doesn't create more confusion than it avoids.

> Yes, that is another thing I'm afraid of.

Yeah, if you look up-thread you'll find me expressing the same concern
several days ago.  But this doesn't seem to me to be a reason to reject
the idea outright.  Let's ask for a proposed patch that covers all the
needed documentation changes, and see if it seems clear enough or not.

I still think that the presence of -W/--pwfile in initdb's arguments
is a pretty clear cue that TRUST auth isn't what the DBA intends to
use.  Yes, there will be exceptions, but there will be far more
cases where the TRUST default is wrong even though no -W was given.
So I think we might as well try to do the "right thing" here.  I see
no good argument against it except for the potential-confusion one;
let's see if the proponents can refute that argument by providing
clear documentation.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: [pgsql-hackers-win32] Weird new time zone
Next
From: Oliver Jowett
Date:
Subject: Re: [pgsql-hackers-win32] Weird new time zone