Re: Is "trust" really a good default?

From: "Magnus Hagander" <mha(at)sollentuna(dot)net>
To: "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Is "trust" really a good default?
Date: 2004-07-14 07:56:23
Message-ID: 6BCB9D8A16AC4241919521715F4D8BCE34BE53@algol.sollentuna.se
Lists: pgsql-hackers

> Magnus Hagander wrote:
> > > not to mention the
> > > more basic problem that the comments will now be wrong.
> >
> > That, however, is correct :-( Sloppy.
> >
> > How about a text along the line of:
> > CAUTION: Configuring the system for "trust" authentication allows any
> > local user to connect using any PostgreSQL user name, including the
> > superuser, over either Unix domain sockets or TCP/IP. If you are on a
> > multiple-user machine, this is probably not good. Change it to use
> > something other than "trust" authentication.
> >
> > Or something along that line? Since it would no longer actually be
> > default. Or do we want something like "On some installations, the
> > default is..."?
>
> Woh, I didn't think we agreed that the default would change
> from 'trust', only that we would now emit a warning and allow
> other authentication methods to be specified at initdb time.

Certainly, I'm not saying it should change (I've given that up by now).
But the difference would be that if you used -W with initdb, it would
change the default *for that installation*. Initdb-with-no-parameters
would stay the same to keep people who don't know about the switches
happier.

//Magnus
