Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue

On Mon, 21 Aug 2023 at 19:23, Michael Paquier <michael(at)paquier(dot)xyz> wrote:

I am not sure that we need to change this historic term, TBH. Perhaps
> it would be shorter to just rip off the trust method from the tree
> with a deprecation period but that's not something I'm much in favor
> off either (I use it daily for my own stuff, as one example).
> Another, more conservative approach may be to make it a developer-only
> option and discourage more its use in the docs.
>

I hope we're not really considering removing the "trust" method. For
testing and development purposes it's very handy — just tell the database,
running in a VM, to allow all connections and just believe who they say
they are from a client process running in the same or a different VM, with
no production data anywhere in site and no connection to the real network.

If people are really getting confused and using it in production, then
change the documentation to make it even more clear that it is a
non-authenticating setting which is there specifically to bypass security
in testing contexts. Ultimately, real tools have the ability to cut your
arm off, and our documentation just needs to make clear which parts of
Postgres are like that.