Re: Is "trust" really a good default? - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: Is "trust" really a good default?
Date
Msg-id 6BCB9D8A16AC4241919521715F4D8BCE34BE53@algol.sollentuna.se
Whole thread Raw
In response to Is "trust" really a good default?  ("Magnus Hagander" <mha@sollentuna.net>)
Responses Re: Is "trust" really a good default?
List pgsql-hackers
> Magnus Hagander wrote:
> > > not to mention the
> > >more basic problem that the comments will now be wrong.
> >
> > That, however, it is correct :-( Sloppy.
> >
> > How about a text along the line of:
> > CAUTION: Configuring the system for "trust" authentication
> allows any
> > local user to connect using any PostgreSQL user name, including the
> > superuser, over either Unix domain sockets or TCP/IP. If
> you are on a
> > multiple-user machine, this is probably not good. Change it to use
> > something other than "trust" authentication.
> >
> >
> >
> > Or something along that line? Since it would no longer actually be
> > default. Or do we want something like "On some installations, the
> > default is..."?
>
> Woh, I didn't think we agreed that the default would change
> from 'trust', only that we would now emit a warning and allow
> other authentication methods to be specified at initdb time.

Certainly, I'm not saying it shuold change (I've given that up by now).
But the difference would be that if you used -W with initdb, it would
change the default *for that installation*. Initdb-with-no-parameters
would stay the same to keep people who don't know about the switches
happier.

//Magnus



pgsql-hackers by date:

Previous
From: Karel Zak
Date:
Subject: Re: Assisting developers
Next
From: Oliver Elphick
Date:
Subject: Re: [PATCHES] Is "trust" really a good default?