On 7/22/19 3:20 PM, Andrew Dunstan wrote:
>
> On 7/22/19 3:15 PM, Tom Lane wrote:
>>
>> Frankly, this episode makes me wonder whether changing the default is
>> even a good idea at this point. People who care about security have
>> already set up their processes to select a useful-to-them auth option,
>> while people who do not care are unlikely to be happy about having
>> security rammed down their throats, especially if it results in the
>> sort of push-ups we're looking at having to do in the buildfarm.
>> I think this has effectively destroyed the argument that only
>> trivial adjustments will be required.
>
> There's a strong tendency these days to be secure by default, so I
> understand the motivation.
So perhaps to bring back the idea that spawned this thread[1], as an
interim step, we provide some documented recommendations on how to set
things up. The original patch has a warning box (and arguably defaulting
to "trust" deserves a warning) but could be revised to be inline with
the text.
Jonathan
[1]
https://www.postgresql.org/message-id/bec17f0a-ddb1-8b95-5e69-368d9d0a3390%40postgresql.org
