On 10/01/2009 10:24 AM, Kevin Grittner wrote:
> Trust authentication has a few valid use cases, but it does tend to
> worry me that people may leave it enabled in inappropriate situations
> on production clusters. I don't see how we could get rid of it, but
> I'd be OK with a warning in the log when a pg_hba.conf file is
> processed which contains any trust entries.
I don't think "trust" needs to be removed entirely - it is a valid
option for demos or training sessions perhaps.
By using the word "abolishing", I might have created the wrong
impression. I just meant the default pg_hba.conf having "trust" has
always seemed to be a really bad thing to me.
If people already have pg_hba.conf with "trust", I see no reason to stop
them.
If a new user tries using PostgreSQL for the first time - I think the
default configuration they encounter should be conservative and usable
out of the box. I can see how "samehost" fits into this picture. I don't
see how "trust" fits into this picture. Does anybody seriously recommend
"trust" to newbies for production use? Shouldn't the default pg_hba.conf
represent a conservative recommendation from the pgsql developers?
Cheers,
mark
--
Mark Mielke<mark@mielke.cc>
