* Robert Haas (robertmhaas@gmail.com) wrote:
> On Thu, May 7, 2015 at 11:02 AM, Stephen Frost <sfrost@snowman.net> wrote:
> > I realize it's not going to be popular, but I'd love to have 'trust'
> > only allowed if a command-line option is passed to the postmaster or
> > something along those lines. It's really got no business being an
> > option for a network service like PG.
>
> I disagree wholeheartedly. There is such a thing as a trusted network.
Likely a good topic of conversation to be had in Ottawa. :) I agree
that there are trusted networks, but the ones that I work with still
expect network services to require authentication and authorization.
Perhaps they're not really "trusted" then, from your perspective. On
the other hand, I suppose if you use pg_hba to limit which accounts can
be logged into with 'trust' then you might be able to have, say, a
"read-only" user/database that anyone could see. That's a pretty narrow
case though and I'd rather we figure out how to address it directly and
more specifically (no-password login roles?) than the broad
disable-all-authentication "trust" method.
Thanks!
Stephen
