| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | bubblboy <bubblboy(at)gmail(dot)com> |
| Cc: | pgsql-docs(at)postgresql(dot)org |
| Subject: | Re: Online documentation unclear about authentication defaults |
| Date: | 2007-02-07 03:43:55 |
| Message-ID: | 20070207034355.GG11742@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
bubblboy wrote:
> Hi,
>
> After following the postgresql tutorial for setting up a postgresql
> server [1] I noticed that I could log in without entering my password.
> The documentation did not tell me this (maybe I overlooked it),
> eventhough it does show you how to create roles with passwords. In my
> opinion it would be a good idea to include a warning like "the default
> installation trusts everybody that can make a connection to the
> database" because it could lead to some (problematic) confusions.
>
> I didn't check extensively in the docs to see if there actually was such
> a warning, particularly because I felt that if there was, it was
> probably not prominent enough (or I would have noticed). Sorry if there
> was indeed a big warning splattered over the tutorial somewhere.
The tutorial indeed neglects warning you about that, but initdb doesn't.
It outputs these lines
WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the -A option the
next time you run initdb.
Maybe this is not strong enough, or not scary enough?
--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | bubblboy | 2007-02-07 08:02:34 | Re: Online documentation unclear about authentication defaults |
| Previous Message | bubblboy | 2007-02-07 02:46:00 | Online documentation unclear about authentication defaults |