Re: Online documentation unclear about authentication defaults

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: bubblboy <bubblboy(at)gmail(dot)com>
Cc: Alvaro Herrera <alvherre(at)commandprompt(dot)com>, pgsql-docs(at)postgresql(dot)org
Subject: Re: Online documentation unclear about authentication defaults
Date: 2007-02-19 18:57:45
Message-ID: 200702191857.l1JIvj928551@momjian.us
Lists: pgsql-docs

I have updated the documentation to clarify that initdb -A or editing
pg_hba.conf is required if you do not trust local users --- patch
attached.

---------------------------------------------------------------------------

bubblboy wrote:
> Alvaro Herrera wrote:
> > bubblboy wrote:
> >> Hi,
> >>
> >> After following the postgresql tutorial for setting up a postgresql 
> >> server [1] I noticed that I could log in without entering my password. 
> >> The documentation did not tell me this (maybe I overlooked it), 
> >> even though it does show you how to create roles with passwords. In my 
> >> opinion it would be a good idea to include a warning like "the default 
> >> installation trusts everybody that can make a connection to the 
> >> database" because it could lead to some (problematic) confusions.
> >>
> >> I didn't check extensively in the docs to see if there actually was such 
> >> a warning, particularly because I felt that if there was, it was 
> >> probably not prominent enough (or I would have noticed). Sorry if there 
> >> was indeed a big warning splattered over the tutorial somewhere.
> > 
> > The tutorial indeed neglects warning you about that, but initdb doesn't.
> > It outputs these lines
> > 
> > WARNING: enabling "trust" authentication for local connections
> > You can change this by editing pg_hba.conf or using the -A option the
> > next time you run initdb.
> > 
> > 
> > Maybe this is not strong enough, or not scary enough?
> 
> Hmm,
> 
> You are right, I ran initdb a few weeks ago and continued today. 
> Personally, I would say that it wouldn't be a bad idea to include a 
> second warning in the documentation nonetheless, just to emphasize it 
> (or maybe make the initdb message a little more prominent - who knows). 
> I can imagine that I saw all that output and thought "oh well, I'm 
> following the tutorial so this won't be very interesting", but maybe 
> (probably) that's just plain stupid :)
> 
> Greetings,
> bb
> 

-- 
  Bruce Momjian  <bruce(at)momjian(dot)us>          http://momjian.us
  EnterpriseDB                               http://www.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

Attachment: /rtmp/diff
Description: text/x-diff (1.7 KB)
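
A check for the condition discussed in this thread, as an added example that is not part of the original message or of PostgreSQL's own code: it lists the pg_hba.conf rules whose method is trust. The sample file contents and the names `find_trust_rules` and `SAMPLE_HBA` are constructed for illustration, and the parser covers only the `local` and `host`/`hostssl`/`hostnossl` record forms.

```python
import ipaddress
import shlex

# Constructed sample, not taken from the thread or from a real server.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS         METHOD
local   all       all                   trust
host    all       all   127.0.0.1/32    trust
host    all       all   ::1/128         md5
host    app       web   192.168.0.0 255.255.255.0 trust   # address + netmask form
hostssl all       all   10.0.0.0/8      md5
"""

HOST_TYPES = {"host", "hostssl", "hostnossl"}


def _is_ip(token):
    """True if token parses as a bare IPv4/IPv6 address (used to spot a netmask field)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def find_trust_rules(hba_text):
    """Return (line_number, type, database, user, address) for each rule using 'trust'."""
    findings = []
    for lineno, raw in enumerate(hba_text.splitlines(), start=1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        if not fields:
            continue
        conn_type = fields[0]
        if conn_type == "local" and len(fields) >= 4:
            address, method = "(unix socket)", fields[3]
        elif conn_type in HOST_TYPES and len(fields) >= 5:
            # The address is either CIDR (one field) or an IP followed by a netmask (two fields).
            if _is_ip(fields[4]) and len(fields) >= 6:
                address, method = f"{fields[3]} {fields[4]}", fields[5]
            else:
                address, method = fields[3], fields[4]
        else:
            continue  # not a record form this example understands
        if method == "trust":
            findings.append((lineno, conn_type, fields[1], fields[2], address))
    return findings


if __name__ == "__main__":
    for lineno, conn_type, db, user, addr in find_trust_rules(SAMPLE_HBA):
        print(f"line {lineno}: {conn_type} db={db} user={user} addr={addr} -> trust, no password checked")
```

To audit a real cluster, pass the text of its pg_hba.conf to `find_trust_rules` instead of the sample.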
