On Mon, 21 Aug 2023 at 19:23, Michael Paquier <mich...@paquier.xyz> wrote:
I am not sure that we need to change this historic term, TBH. Perhaps > it would be shorter to just rip off the trust method from the tree > with a deprecation period but that's not something I'm much in favor > off either (I use it daily for my own stuff, as one example). > Another, more conservative approach may be to make it a developer-only > option and discourage more its use in the docs. > I hope we're not really considering removing the "trust" method. For testing and development purposes it's very handy — just tell the database, running in a VM, to allow all connections and just believe who they say they are from a client process running in the same or a different VM, with no production data anywhere in site and no connection to the real network. If people are really getting confused and using it in production, then change the documentation to make it even more clear that it is a non-authenticating setting which is there specifically to bypass security in testing contexts. Ultimately, real tools have the ability to cut your arm off, and our documentation just needs to make clear which parts of Postgres are like that.
