From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net> |
Cc: | Magnus Hagander <mha(at)sollentuna(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org, pgsql-patches(at)postgresql(dot)org |
Subject: | Re: [HACKERS] Is "trust" really a good default? |
Date: | 2004-07-13 23:00:11 |
Message-ID: | 200407132300.i6DN0BH15946@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-patches |
Robert Treat wrote:
> > Woh, I didn't think we agreed that the default would change from
> > 'trust', only that we would now emit a warning and allow other
> > authentication methods to be specified at initdb time.
> >
>
> I sure hope not (and that was my understanding as well)
>
> Incidentally that warning is a little misleading since it isn't just
> trust authentication that allows the wide open connections, but the
> combo of all users / all dbs / trust that does it. For example on one
> of my development machine I have a guest user who only has read access
> to a specific database from a limited subnet, but with trust
> authentication since random people inside the company will sometimes
> want to take a look at what I am cooking up. For my needs I use the
> superuser account who can access all databases but must come through
> ident on a unix socket. Different strokes for different folks eh?
Sure, but the point is that the 'trust' line added by initdb is
wide-open. Folks who do that fine-grained control will not get confused
by the warning, hopefully.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2004-07-13 23:01:41 | Re: Point in Time Recovery |
Previous Message | Robert Treat | 2004-07-13 22:56:41 | Re: [HACKERS] Is "trust" really a good default? |
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2004-07-13 23:01:41 | Re: Point in Time Recovery |
Previous Message | Bruce Momjian | 2004-07-13 22:58:20 | Re: PITR Archive Recovery plus WIP PITR |