Re: [HACKERS] Is "trust" really a good default?

Robert Treat wrote:
> > Woh, I didn't think we agreed that the default would change from
> > 'trust', only that we would now emit a warning and allow other
> > authentication methods to be specified at initdb time.
> >
>
> I sure hope not (and that was my understanding as well)
>
> Incidentally that warning is a little misleading since it isn't just
> trust authentication that allows the wide open connections, but the
> combo of all users / all dbs / trust that does it. For example on one
> of my development machine I have a guest user who only has read access
> to a specific database from a limited subnet, but with trust
> authentication since random people inside the company will sometimes
> want to take a look at what I am cooking up. For my needs I use the
> superuser account who can access all databases but must come through
> ident on a unix socket. Different strokes for different folks eh?

Sure, but the point is that the 'trust' line added by initdb is
wide-open. Folks who do that fine-grained control will not get confused
by the warning, hopefully.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073