| From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> | 
|---|---|
| To: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au>, "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us> | 
| Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <pgsql-hackers(at)postgresql(dot)org> | 
| Subject: | Re: Is "trust" really a good default? | 
| Date: | 2004-07-13 07:43:18 | 
| Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCE34BE3E@algol.sollentuna.se | 
| Lists: | pgsql-hackers | 
> >>No, but none of the others are better.  See previous discussions in 
> >>the archives.  I don't think the situation has changed any since the 
> >>last time we hashed this out.
> > 
> > If they supply a password to initdb, shouldn't we then require a 
> > password in pg_hba.conf.
> 
> This is further to my previous suggestion that we output the 
> encoding that is being defaulted to.
> 
> NEW USERS DO NOT KNOW THAT -W EXISTS!
> 
> Even the majority of experienced users don't!

Exactly...

How about requiring them to put in *either* -W (or --pwfile of course)
*or* a switch that *explicitly* enables trust. And if they don't put in
either of these parameters, refuse to initdb. (are other params
required?) That will at least require a conscious decision to enable the
unsafe stuff. And packagers/distributions can add that trust switch if
it's necessary by their packaging system (which arguably is not very
flexible if it does, but I assume this is the reason why the default
wasn't changed - can't find the old discussions in the archives)

This will require initdb to edit pg_hba.conf on the fly and not just
copy it in, but that shouldn't be too hard.

//Magnus
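
An added example, not part of the original message and not PostgreSQL code: a small Python check that lists the pg_hba.conf rules still using the `trust` method this thread is about, including the older two-column address/mask form. The sample file contents and the function name `find_trust_entries` are constructed for illustration, and the parser assumes fields contain no quoted whitespace.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def find_trust_entries(text):
    """Return (line_no, type, database, user, address) for each trust rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Assumption: '#' always starts a comment and fields are
        # whitespace-separated (quoted names with spaces are not handled).
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        conn_type = fields[0]
        if conn_type == "local" and len(fields) >= 4:
            address, method = "(unix socket)", fields[3]
        elif conn_type in HOST_TYPES and len(fields) >= 5:
            address = fields[3]
            # "IP-address IP-mask" form: the method moves one column right.
            if _is_ip(address) and len(fields) >= 6 and _is_ip(fields[4]):
                address, method = f"{fields[3]} {fields[4]}", fields[5]
            else:
                method = fields[4]
        else:
            continue  # include directives or malformed lines
        if method == "trust":
            findings.append((lineno, conn_type, fields[1], fields[2], address))
    return findings


# Constructed sample, not taken from any real installation.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
local   all       all                     trust
host    all       all   127.0.0.1/32      trust
host    all       all   127.0.0.1 255.255.255.255 trust
host    all       all   ::1/128           md5
hostssl appdb     app   10.0.0.0/8        md5
# host  all       all   0.0.0.0/0         trust
"""

if __name__ == "__main__":
    for lineno, ctype, db, user, addr in find_trust_entries(SAMPLE_PG_HBA):
        print(f"line {lineno}: {ctype} {db} {user} {addr} -> trust")
```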