From: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] TODO list updated |
Date: | 2000-01-13 19:47:54 |
Message-ID: | 387E2BE9.6658C6FD@wgcr.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Bruce Momjian wrote:
> > * Make postgres user have a password by default
> > There's an initdb switch.
> OK, now we have to decide if we are going to require this be done as
> part of initdb. I am inclined to say the user _has_ to be _prompted_ in
> a secure matter for the password as part of initdb. Have a command-line
> switch for the password is not secure, IMHO, though it is better than
> nothing.
> Let's get people's opinions on this, and we can mark it as done.
As a packager, and a user, I would like the _option_ of setting a
default password using a --prompt-for-password switch.
By all means don't make it default to prompting for a password -- there
are those who do not need a password on the database superuser account,
due to other security measures and connection models (IE, backing a
webserver that is handling authentication and pooling connections under
a single (nonprivileged) user).
--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11
From | Date | Subject | |
---|---|---|---|
Next Message | Oliver Elphick | 2000-01-13 22:14:39 | Problem with foreign keys and inheritance |
Previous Message | Tom Lane | 2000-01-13 18:38:23 | Re: [HACKERS] TODO list updated |