On 10/01/2009 10:24 AM, Kevin Grittner wrote:
Trust authentication has a few valid use cases, but it does tend to worry me that people may leave it enabled in inappropriate situations on production clusters. I don't see how we could get rid of it, but I'd be OK with a warning in the log when a pg_hba.conf file is processed which contains any trust entries.
I don't think "trust" needs to be removed entirely - it is a valid option for demos or training sessions perhaps.
By using the word "abolishing", I might have created the wrong impression. I just meant the default pg_hba.conf having "trust" has always seemed to be a really bad thing to me.
If people already have pg_hba.conf with "trust", I see no reason to stop them.
If a new user tries using PostgreSQL for the first time - I think the default configuration they encounter should be conservative and usable out of the box. I can see how "samehost" fits into this picture. I don't see how "trust" fits into this picture. Does anybody seriously recommend "trust" to newbies for production use? Shouldn't the default pg_hba.conf represent a conservative recommendation from the pgsql developers?
Cheers, mark -- Mark Mielke<m...@mielke.cc> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
