> >>No, but none of the others are better.  See previous discussions in 
> >>the archives.  I don't think the situation has changed any 
> since the 
> >>last time we hashed this out.
> > 
> > If they supply a password to initdb, shouldn't we then require a 
> > password in pg_hba.conf.
> 
> This is further to my previous suggestion that we output the 
> encoding that is being defaulted to.
> 
> NEW USERS DO NOT KNOW THAT -W EXISTS!
> 
> Even the majority of experienced users don't!

Exactly...

How about requiring them to put in *either* -W (or --pwfile of course)
*or* a switch that *explicitly* enables trust. And if they don't put in
either of these parameters, refuse to initdb. (are other params
required?) That will at least require a concious decision to enable the
unsafe stuff. And packagers/distributions can add that trust switch if
it's necessary by their packaging system (which arguably is not very
flexible if it does, but I assume this is the reason why the default
wasn't changed - can't find the old discussions in the archives)

This will require initdb to edit pg_hba.conf on the fly and not just
copy it in, but that shuoldn't be too hard.

//Magnus


---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
      joining column's datatypes do not match

Reply via email to