From: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
---|---|
To: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: initdb recommendations |
Date: | 2019-07-22 22:48:11 |
Message-ID: | e3f7ad32-f663-0d2d-73c6-cafa3def9dfc@postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs pgsql-hackers |
On 7/22/19 3:20 PM, Andrew Dunstan wrote:
>
> On 7/22/19 3:15 PM, Tom Lane wrote:
>>
>> Frankly, this episode makes me wonder whether changing the default is
>> even a good idea at this point. People who care about security have
>> already set up their processes to select a useful-to-them auth option,
>> while people who do not care are unlikely to be happy about having
>> security rammed down their throats, especially if it results in the
>> sort of push-ups we're looking at having to do in the buildfarm.
>> I think this has effectively destroyed the argument that only
>> trivial adjustments will be required.
>
> There's a strong tendency these days to be secure by default, so I
> understand the motivation.
So perhaps to bring back the idea that spawned this thread[1], as an
interim step, we provide some documented recommendations on how to set
things up. The original patch has a warning box (and arguably defaulting
to "trust" deserves a warning) but could be revised to be inline with
the text.
Jonathan
[1]
https://www.postgresql.org/message-id/bec17f0a-ddb1-8b95-5e69-368d9d0a3390%40postgresql.org
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2019-07-23 06:12:12 | Re: initdb recommendations |
Previous Message | Tom Lane | 2019-07-22 22:08:32 | Re: initdb recommendations |
From | Date | Subject | |
---|---|---|---|
Next Message | Alexander Korotkov | 2019-07-22 22:57:29 | Re: Psql patch to show access methods info |
Previous Message | Alvaro Herrera | 2019-07-22 22:18:29 | Re: getting ERROR "relation 16401 has no triggers" with partition foreign key alter |