| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | "Magnus Hagander" <mha(at)sollentuna(dot)net>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Merlin Moncure" <merlin(dot)moncure(at)rcsonline(dot)com> |
| Cc: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Is "trust" really a good default? |
| Date: | 2004-07-13 08:33:02 |
| Message-ID: | 200407131033.02089.peter_e@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander wrote:
> This is the very reason --pwfile was added. It's not just a win32
> fix, it's a "any packager that needs to run without interactivity"
> fix. Yes, you can stick a blank password in there, but again, this is
> a choice and not a default in that case.
No, that's not what it was added for. It was added for catering to
packaging mechanisms that have other interfaces for interactivity. But
just hardcoding a default password into a package gains no security at
all.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2004-07-13 11:05:17 | Re: Anoncvs down? |
| Previous Message | Magnus Hagander | 2004-07-13 07:51:04 | Re: Is "trust" really a good default? |