
Re: Online documentation unclear about authentication defaults

From: bubblboy <bubblboy(at)gmail(dot)com>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: pgsql-docs(at)postgresql(dot)org
Subject: Re: Online documentation unclear about authentication defaults
Date: 2007-02-07 08:02:34
Lists: pgsql-docs
Alvaro Herrera wrote:
> bubblboy wrote:
>> Hi,
>> After following the postgresql tutorial for setting up a postgresql 
>> server [1] I noticed that I could log in without entering my password. 
>> The documentation did not tell me this (maybe I overlooked it), 
>> even though it does show you how to create roles with passwords. In my 
>> opinion it would be a good idea to include a warning like "the default 
>> installation trusts everybody that can make a connection to the 
>> database" because it could lead to some (problematic) confusions.
>> I didn't check extensively in the docs to see if there actually was such 
>> a warning, particularly because I felt that if there was, it was 
>> probably not prominent enough (or I would have noticed). Sorry if there 
>> was indeed a big warning splattered over the tutorial somewhere.
> The tutorial indeed neglects warning you about that, but initdb doesn't.
> It outputs these lines
> WARNING: enabling "trust" authentication for local connections
> You can change this by editing pg_hba.conf or using the -A option the
> next time you run initdb.
> Maybe this is not strong enough, or not scary enough?


You are right, I ran initdb a few weeks ago and continued today. 
Personally, I would say that it wouldn't be a bad idea to include a 
second warning in the documentation nonetheless, just to emphasize it 
(or maybe make the initdb message a little more prominent - who knows). 
I can imagine that I saw all that output and thought "oh well, I'm 
following the tutorial so this won't be very interesting", but maybe 
(probably) that's just plain stupid :)
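
The default discussed in this thread (initdb enabling "trust" for local connections in pg_hba.conf) can be checked on an existing installation. The following is an added example, not part of the original message or of PostgreSQL itself: it lists every pg_hba.conf record whose method is `trust`. The function name `find_trust_rules` and the sample file contents are constructed for illustration.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def find_trust_rules(hba_text):
    """Return (line_no, type, database, user, address) for each 'trust' record."""
    findings = []
    for line_no, raw in enumerate(hba_text.splitlines(), start=1):
        # Simplification: drop comments and split on whitespace; quoted
        # names containing spaces or '#' are not handled.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue
        conn_type, database, user = fields[:3]
        if conn_type == "local":
            address, method_idx = "(unix socket)", 3
        elif conn_type in HOST_TYPES:
            # Address is one CIDR/hostname field, or an IP followed by a netmask.
            if len(fields) > 5 and _is_ip(fields[4]):
                address, method_idx = " ".join(fields[3:5]), 5
            else:
                address, method_idx = fields[3], 4
        else:
            continue  # include directives and unknown record types
        if len(fields) > method_idx and fields[method_idx] == "trust":
            findings.append((line_no, conn_type, database, user, address))
    return findings

# Constructed sample, not taken from any real server.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS                    METHOD
local   all       all                              trust
host    all       all   127.0.0.1/32               trust
host    all       all   192.168.0.0 255.255.255.0  trust
hostssl appdb     app   10.0.0.0/8                 md5  # never trust here
"""

if __name__ == "__main__":
    for line_no, conn_type, database, user, address in find_trust_rules(SAMPLE_HBA):
        print(f"line {line_no}: {conn_type} {database} {user} {address} -> trust")
```

Any record it reports admits the matching connections without a password; changing the method in pg_hba.conf and reloading the server, or passing `-A` to initdb as its warning says, removes that default.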

