Skip site navigation (1) Skip section navigation (2)

Re: Online documentation unclear about authentication defaults

From: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To: bubblboy <bubblboy(at)gmail(dot)com>
Cc: pgsql-docs(at)postgresql(dot)org
Subject: Re: Online documentation unclear about authentication defaults
Date: 2007-02-07 03:43:55
Message-ID: 20070207034355.GG11742@alvh.no-ip.org (view raw or flat)
Thread:
Lists: pgsql-docs
bubblboy wrote:
> Hi,
> 
> After following the postgresql tutorial for setting up a postgresql 
> server [1] I noticed that I could log in without entering my password. 
> The documentation did not tell me this (maybe I overlooked it), 
> eventhough it does show you how to create roles with passwords. In my 
> opinion it would be a good idea to include a warning like "the default 
> installation trusts everybody that can make a connection to the 
> database" because it could lead to some (problematic) confusions.
> 
> I didn't check extensively in the docs to see if there actually was such 
> a warning, particularly because I felt that if there was, it was 
> probably not prominent enough (or I would have noticed). Sorry if there 
> was indeed a big warning splattered over the tutorial somewhere.

The tutorial indeed neglects warning you about that, but initdb doesn't.
It outputs these lines

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the -A option the
next time you run initdb.


Maybe this is not strong enough, or not scary enough?

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

In response to

Responses

pgsql-docs by date

Next:From: bubblboyDate: 2007-02-07 08:02:34
Subject: Re: Online documentation unclear about authentication defaults
Previous:From: bubblboyDate: 2007-02-07 02:46:00
Subject: Online documentation unclear about authentication defaults

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group