From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | bubblboy <bubblboy(at)gmail(dot)com> |
Cc: | Alvaro Herrera <alvherre(at)commandprompt(dot)com>, pgsql-docs(at)postgresql(dot)org |
Subject: | Re: Online documentation unclear about authentication defaults |
Date: | 2007-02-19 18:57:45 |
Message-ID: | 200702191857.l1JIvj928551@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs |
I have updated the documentation to clarify that initdb -A or editing
pg_hba.conf is required if you do not trust local users --- patch
attached.
---------------------------------------------------------------------------
bubblboy wrote:
> Alvaro Herrera wrote:
> > bubblboy wrote:
> >> Hi,
> >>
> >> After following the postgresql tutorial for setting up a postgresql
> >> server [1] I noticed that I could log in without entering my password.
> >> The documentation did not tell me this (maybe I overlooked it),
> >> eventhough it does show you how to create roles with passwords. In my
> >> opinion it would be a good idea to include a warning like "the default
> >> installation trusts everybody that can make a connection to the
> >> database" because it could lead to some (problematic) confusions.
> >>
> >> I didn't check extensively in the docs to see if there actually was such
> >> a warning, particularly because I felt that if there was, it was
> >> probably not prominent enough (or I would have noticed). Sorry if there
> >> was indeed a big warning splattered over the tutorial somewhere.
> >
> > The tutorial indeed neglects warning you about that, but initdb doesn't.
> > It outputs these lines
> >
> > WARNING: enabling "trust" authentication for local connections
> > You can change this by editing pg_hba.conf or using the -A option the
> > next time you run initdb.
> >
> >
> > Maybe this is not strong enough, or not scary enough?
>
> Hmm,
>
> You are right, I ran initdb a few weeks ago and continued today.
> Personally, I would say that it wouldn't be a bad idea to include a
> second warning in the documentation nonetheless, just to emphasize it
> (or maybe make the initdb message a little more prominent - who knows).
> I can imagine that I saw all that output and thought "oh well, I'm
> following the tutorial so this won't be very interesting", but maybe
> (probably) that's just plain stupid :)
>
> Greetings,
> bb
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
Attachment | Content-Type | Size |
---|---|---|
/rtmp/diff | text/x-diff | 1.7 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2007-02-20 03:46:35 | Re: [BUGS] BUG #2913: Subscript on multidimensional array yields no value |
Previous Message | Bruce Momjian | 2007-02-14 04:19:52 | Re: "recovering prepared transaction" after server restart message |