
Re: Bugtraq: Having Fun With PostgreSQL

From: "Andrew Hammond" <andrew(dot)george(dot)hammond(at)gmail(dot)com>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Bugtraq: Having Fun With PostgreSQL
Date: 2007-06-25 23:22:48
Message-ID: 5a0a9d6f0706251622n6e259584w8d4007e8043ce8e1@mail.gmail.com
Lists: pgsql-hackers
On 6/25/07, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Andrew Sullivan <ajs(at)crankycanuck(dot)ca> writes:
> > On Mon, Jun 25, 2007 at 01:31:52PM -0400, Tom Lane wrote:
> >> Why is that better than the initdb-time option we already have?
> >> Locking down options earlier rather than later is usually not a win.
>
> > Like I said, I don't actually think it _is_ better.  But it would
> > solve the problem that some people think it's a bad thing that you
> > run superuser-type commands without reading the manual, and then get
> > a badly-secured system.  (The idea here, incidentally, is not to
> > replace the initdb-time option, but to set the default of the initdb
> > command.)
>
> But, per previous discussion, the people that would be affected are
> only the ones building from source.  If they didn't read the manual
> for initdb (nor notice the warning it puts out about trust auth),
> they *certainly* didn't look for any nonstandard configure options.
> The normal build process for any open-source package is
>
>         ./configure
>         make
>         sudo make install
>         ... now what?  OK, time to read the manual ...

Since they presumably don't know about initdb yet, yeah, I figure
they'll be reading the manual. We already talk about how to initdb.
It seems reasonable to have the manual talk about how to initially
connect to your "secure by default" database and create a
non-superuser working user.

I like the idea of it being a configure flag, it seems the least
invasive way to do it.

Andrew
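As an added example, not part of the original thread nor of PostgreSQL's own documentation: the first connection and "create a non-superuser working user" step that Andrew says the manual should describe, assuming the cluster was initialised with initdb's existing -A/--auth option (the "initdb-time option" referred to above) set to a password method rather than trust. The role and database names are hypothetical.

```sql
-- Added example (hypothetical names). Assumes the cluster was created with a
-- password-based method and a superuser password, e.g.
--     initdb -D /path/to/data -A md5 --pwprompt
-- so that the pg_hba.conf initdb writes does not use "trust", and that you
-- then connected once as the bootstrap superuser:
--     psql -U postgres -d postgres

-- A working role with login rights and nothing else: no superuser bit,
-- no right to create roles or databases.
CREATE ROLE app_user LOGIN PASSWORD 'change-me'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Give the working role its own database so day-to-day work never needs
-- the superuser account.
CREATE DATABASE app_db OWNER app_user;

-- Don't let every other role connect to it by default.
REVOKE CONNECT ON DATABASE app_db FROM PUBLIC;

-- Sanity check before handing the role out: every flag should read false.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb
  FROM pg_roles
 WHERE rolname = 'app_user';
```

From here on, connect as the working role (`psql -U app_user -d app_db`) and keep the superuser login for administration only; if the check query shows `rolsuper` as true, the role was created with more than it needs and should be corrected with `ALTER ROLE app_user NOSUPERUSER`.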


Copyright © 1996-2014 The PostgreSQL Global Development Group