Re: [HACKERS] Is "trust" really a good default?

On Tue, 2004-07-13 at 17:44, Bruce Momjian wrote:
> Magnus Hagander wrote:
> > > not to mention the
> > >more basic problem that the comments will now be wrong.
> >
> > That, however, it is correct :-( Sloppy.
> >
> > How about a text along the line of:
> > CAUTION: Configuring the system for "trust" authentication allows any
> > local user to connect using any PostgreSQL user name, including the
> > superuser, over either Unix domain sockets or TCP/IP. If you are on
> > a multiple-user machine, this is probably not good. Change it to use
> > something other than "trust" authentication.
> >
> >
> >
> > Or something along that line? Since it would no longer actually be
> > default. Or do we want something like "On some installations, the
> > default is..."?
>
> Woh, I didn't think we agreed that the default would change from
> 'trust', only that we would now emit a warning and allow other
> authentication methods to be specified at initdb time.
>

I sure hope not (and that was my understanding as well)

Incidentally that warning is a little misleading since it isn't just
trust authentication that allows the wide open connections, but the
combo of all users / all dbs / trust that does it. For example on one
of my development machine I have a guest user who only has read access
to a specific database from a limited subnet, but with trust
authentication since random people inside the company will sometimes
want to take a look at what I am cooking up. For my needs I use the
superuser account who can access all databases but must come through
ident on a unix socket. Different strokes for different folks eh?

Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL